Published in Mindroast

Privacy Policy To Keep In Mind While Developing Software

Understand the privacy policies before developing your next software.

Nowadays you must have seen a lot of controversy over privacy policies. The reason is that in the past we have faced scenarios where our data was used by, or shared with, organizations, which in turn used it to manipulate our decision-making ability.


Every piece of information about user behavior that we consider insignificant can help companies earn millions of dollars. For example, social media websites show us content based on our interests and actions.

So as software developers it is our duty to keep the privacy of the users in mind, as mismanaging their data can cause a lot of harm to the user.

Most organizations have their privacy policies in place, which can be found on their respective website or application. Although it is practically impossible to read every privacy policy in its entirety while signing up for an application, it is always recommended to do so.

What is a Privacy Policy?


A privacy policy is a legal document which states what a business or individual does with the information/data collected from the user.

A user should accept the privacy policy, and it should be present at a place where the user can access it at any time, else it will be of no use.

How to write a privacy policy?

Writing a privacy policy is not a tricky task, but if you are unfamiliar with what a privacy policy actually is, there are other options you can opt for:

  • Website: You can check some of the websites available which charge a fee in return for preparing privacy policy documents for your organization. You just need to provide information about your organization and some other information.
  • Legal Help: You can take help from a legal professional who can help you write a privacy policy, but it is not much needed. The first option is preferred.

What should a privacy policy contain?

Some of the information that your privacy policy should have:

  • Information about the data being collected, like personal information.
  • It should state whether the user's location is being fetched.
  • It should contain information regarding the security measures which are followed to secure user data.
  • Information about the owner of the website/application.
  • The privacy policy should have cookie information, i.e. what is being stored in cookies.
  • Most importantly, the effective date of that particular policy.

Recent data breaches

So here are some of the data breaches which happened in recent years.

What we can learn from these data breaches is that, many times, even after following best practices you might have unknowingly missed some security measure, which could lead to a data breach. So it is always better to spend some time, firstly, sharing with users what you are fetching from them and, secondly, understanding the security measures you could take.

Points to keep in mind as a Software Developer

Tell the user what the application is fetching

So a privacy policy should contain everything your application is trying to get from the user, such as:

  • User name
  • Password
  • Email id
  • Credit card information
  • Bank information etc.

Nothing should be considered obvious. Explicitly mention everything in your privacy policy so that users understand it inside out after reading the privacy policy.

Encryption

Store all the important values in an encrypted form, although firstly your database server should be secure enough that no one, even in their wildest dreams, can get into it and fetch your data.

But just to be doubly sure, store your credentials in encrypted form, the reason being that even if someone is able to get the data, they cannot understand anything from it.
Most big organizations have faced data breaches. A breach can cost you your reputation.

Take only relevant data

There is always a temptation to get as much information as possible from the user, due to the growth of machine learning and artificial intelligence. The more data is fed to a machine learning model, the better the results it provides.

But users have become more aware of the need to safeguard their data, so try to fetch only as much data as is required for your project to run smoothly. Later, if you feel that more data is needed, don't forget to let the user know about it before fetching the required data.

Network policy

Almost every cloud service provider has the option to apply a network policy that controls which requests are allowed to reach the server. This policy includes allowing requests only from a limited set of IPs and opening only a limited set of ports, which can put a check on unauthorized access to the servers.

Avoid opening all the ports to access the server. It is like leaving a car with the key in it and expecting that no one will steal it; this will make your life difficult.
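
One way to check a set of inbound rules against this advice, as an added example that is not part of the original article: the rule format, the sample rules and the thresholds are all constructed for illustration and do not follow any particular cloud provider's schema.

```python
import ipaddress

# Constructed inbound rules in a provider-neutral shape (hypothetical format,
# not any cloud vendor's schema): source CIDR plus an inclusive port range.
SAMPLE_RULES = [
    {"name": "web", "cidr": "0.0.0.0/0", "ports": (443, 443)},
    {"name": "ssh-any", "cidr": "0.0.0.0/0", "ports": (22, 22)},
    {"name": "all-open", "cidr": "::/0", "ports": (0, 65535)},
    {"name": "db-office", "cidr": "203.0.113.0/24", "ports": (5432, 5432)},
    {"name": "db-wide", "cidr": "10.0.0.0/8", "ports": (5432, 5432)},
]

# Thresholds below are assumptions for this example; set them per environment.
PUBLIC_PORTS = {80, 443}      # ports allowed to face the whole internet
MAX_SOURCE_ADDRS = 2 ** 16    # larger source ranges are reported
MAX_PORT_SPAN = 10            # wider port ranges are reported


def audit_rule(rule):
    """Return a list of findings for one inbound rule (empty list = OK)."""
    findings = []
    net = ipaddress.ip_network(rule["cidr"], strict=False)
    low, high = rule["ports"]
    if high - low + 1 > MAX_PORT_SPAN:
        findings.append("wide-port-range")
    if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: any source address
        if not set(range(low, high + 1)) <= PUBLIC_PORTS:
            findings.append("non-public-port-open-to-any-source")
    elif net.num_addresses > MAX_SOURCE_ADDRS:
        findings.append("broad-source-range")
    return findings


def audit(rules):
    """Map rule name -> findings, listing only rules that need attention."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(findings)}")
```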

Authentication

Once you have applied a network policy, authentication is another measure that can help you secure your system.

Let's assume somebody has got access to your system. If your database has authentication in place, it will be an extra layer of security. This will prevent the hacker from getting access to the database directly.

It is also recommended to run the database on a port other than its default port, so that the port in use is less obvious to guess.

Final Thoughts

Privacy policies are meant to inform users what data is being collected/processed, so that users know what information they are sharing with you.

- Always try to cover each and every aspect of how you are planning to use the data.
- If you are passing the data to any 3rd party API, do mention that as well. Be 100% sure about the modules/packages you are using, since sometimes these could also be responsible for leaking the data.
- Authenticate the database and encrypt important information that will be stored in your database.

Before launching your application to production, always run a security check, since after the launch the application will be open to the world. Safeguarding your application is your duty.

If you like the video version more than the text you can go through the following video


Mindroast helps the readers to remain informed about the life lesson, technology and grow as a human, both morally and professionally.

Apoorv Tomar
