Christmas Day has been the biggest day of the year for online and app downloads in recent years, as users set up the new devices they’ve received as presents, and 2015 is expected to maintain the tradition.
Apple announced the billionth download from their Apple App Store earlier this year and alongside the enormous growth in the ownership of smartphones, tablets and so-called ‘wearables’1, such as smart watches, parents are finding increasing numbers of electronic toys are likely to rely on connectivity.
But whilst users are seeking out ever more uses for their new devices, experts are warning consumers to think before they share, as personal data becomes ever more vulnerable.
There have been many high profile hacking cases in recent months, ranging from Sony in the United States to telecoms provider TalkTalk, and one of the biggest leaks has affected more than 11 million parents and children across the world, with the breach of personal data involving Hong Kong-based toy giant VTech. In the UK, it’s involved 560,487 parent accounts and 727,155 children profiles. And whilst the company says none of its customers’ credit card data was stored or accessed, the information breach included parent names, email addresses, passwords, and secret question answers, as well as children‘s names, gender and birthdates. Also affected was VTech’s Kid Connect service, which allows parents using a smartphone app to chat with their kids using a VTech tablet.
“We are all doing more and more of our personal affairs online, whether it’s shopping, banking and official tasks like our car tax, or just chatting to our friends and children,” said corporate legal expert Mark Poulton of solicitors Stephen Rimmer LLP in Eastbourne. “It’s great for convenience, but when you sign up for an app or use online software, you need to be sure the organisation you are dealing with is going to protect your personal information. And as technology becomes ever more complex, so there are many more ways in which data can be vulnerable, beyond the obvious criminal hacking in to steal personal information.”
Many apps and websites deliver their functionality by pulling together a range of third party sources – such as social media, weather forecasts, advertisements and news feeds – and may link to code libraries hosted on third-party websites for processing content. But when users are passed through those links, personal information may not be held securely. One example could be browsing history, as sites generally collect the URL of the last website visited and without proper controls this could be transmitted to a third party when the user is routed there.
Another example, where cyberlife and reality may collide, would be an app that collects location data and interlinks with social networks by posting automatic updates that show a user’s position, which can expose them to direct crime, such as burglary if the update shows they’re away from home.
“Every business should be able to reassure customers that they have a strong cyber-security programme in place,” added Mark Poulton. “Many apps are developed by individuals, who are unlikely to have the same sort of risk management in place as larger organisations, so take a look at the reviews and do some research for an app before you press download this Christmas. And throughout the year, safeguard yourself by thinking about the way you interact with apps and software and avoid using the same passwords and memorable information.”
The Information Commissioner’s Office (ICO) is the UK’s independent authority responsible for data protection and they recommend that users only download from trusted or official app stores and to run security software on their mobile devices, whether it’s a smartphone, tablets or wearable.
Companies who collect any user data must meet the requirements of the Data Protection Act and the Communications Act in the UK; also up and coming is the EU Data Protection Regulation and the proposed EU Cybersecurity Directive.
1 YouGov survey 2015 shows 22% of the population own a tablet and 6% own a wearable.
This is not legal advice; it is intended to provide information of general interest about current legal issues.