Canada: CCCS releases data protection recommendations for apps
On August 4, 2023, the Canadian Centre for Cyber Security (CCCS) released guidelines on how individuals and organizations can protect their privacy when using apps. The CCCS cautioned that apps may collect a lot of personal data of users and this may pose several privacy risks including third-party data sharing, cross-border data transfers, unsecured data transmission, and re-identification of anonymized data.
In light of the above, the CCCS outlined several measures organizations can take to protect their privacy when using apps. The recommendations include:
- monitoring and controlling app permissions;
- restricting the download of unapproved apps;
- securing access to apps via multi-factor authentication;
- enabling automatic app security updates;
- conducting privacy setting audits on apps; and
- training users on discerning unnecessary app permissions.
Additionally, the CCCS highlighted the following steps users should take before downloading apps:
- weigh the necessity of the app against the privacy risks;
- research the developer's reputation and security practices;
- understand the app's data collection and data use policies;
- verify the app's metadata collection and management; and
- only download from trusted sources.
You can read the press release here.