Reading time: 5 minutes

Developing an app for your business can be a new way to bring in customers through mobile avenues. However, when customers download your app onto their phone, they invite you to collect a lot of their personal information. Therefore, you need to ensure that you adequately manage any privacy concerns before launching your app for users to download. Incidentally, it is easier to prevent privacy incidents than fix them. So, it is important that you are careful in your development process to address privacy risks. This article will go through four privacy mistakes to avoid when building an app in New Zealand.

1. Failing to Prioritise Privacy From the Beginning

If you do not address privacy concerns from the beginning of your development process, this results in more for you to fix at later and more critical stages. Failing to address privacy risks can delay the app launch or lead to unintended consequences once you release your app to users. Therefore, it is important that you embed privacy into the design of your app and other IT business practices from the beginning. Benefits to doing this include:

  • identifying potential problems before they arise, reducing cost and spent effort;
  • better privacy awareness within your team;
  • improved compliance with the Privacy Act and your privacy obligations when dealing with personal information;
  • a chance to reduce your app intrusiveness into privacy, and the negative impacts with that; and
  • increased customer trust as a business that prioritises their privacy.

A good way to address privacy from the beginning is to conduct a privacy assessment risk (PIA) before starting app development. A PIA is an evaluative exercise that analyses the privacy risks and impacts on both your users and staff. As a result, you can use this tool to determine how your new app would fare under the Privacy Act and what you need to comply with.

2. Lacking an Adequate Privacy Policy

Under privacy law, when you collect personal information, you need to tell people that you are doing so. Fortunately, you can do this by including a comprehensive privacy policy with your app. This document tells people:

  • why you collect their personal information;
  • how you collect their personal data;
  • what information you collect;
  • how you will use their personal information;
  • whether they can opt-out of giving you their personal information;
  • the consequences of opting out;
  • their right to request access and corrections to their personal information; and
  • how to contact you for privacy-related concerns.

Your privacy policy can also include information about your security protocols and similar reassurances about data protection within your app. Additionally, you will need to detail exactly what information you collect, as some types of personal information may not be immediately recognisable to your customers. Examples can include passive information such as geotracking details and user analytics.

If you do not tell app users this information, then you can face legal and reputational penalties. Therefore, it is important to develop a privacy policy along with your app to ensure you:

  • comply with the law
  • abide by your privacy policy during development; and
  • can update and change it before you release your app to customers.

Both the Apple App Store and Google Play Store require that you have a privacy policy to display your app on their market. Therefore, you will need to establish this document beforehand if you want to use these services. 

You should display your privacy policy in a pop-up box that customers can accept as they download your app. This way, you can establish that customers have seen your policy.

3. Relying on Outdated Security Measures

App security should be a priority for your business to protect your customers and comply with privacy laws. Under the Privacy Act, you need to implement reasonable safeguards to protect against personal information:

  • loss;
  • misuse; and
  • disclosure.

What is reasonable will depend on the kind of personal information and the nature of your business. Therefore, you should build app security into your development, along with code review and appropriate testing. 

Furthermore, data protection measures are constantly evolving, so you should not rely on outdated cybersecurity techniques. Malicious third parties will take advantage of weak security systems, so you must continue to improve security even after the app launch.

4. Not Being Mindful of Third-Party Connections

You will likely rely on parties outside of your business during app development, such as third-party code libraries and advertising contractors. These can be useful services, but you need to ensure that you evaluate them for security and privacy concerns.

For example, an unnoticed security mistake from a third-party library will translate to your own code, leading to a potential privacy risk. Therefore, you need to be on notice for these kinds of errors to avoid consequences such as a data breach.

Key Takeaways

When building an app for your business, privacy should be a priority from day one. That way, you can avoid future problems before they arise and meet your obligations under the Privacy Act. If you would like more information or help with privacy in your app development, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What are my privacy obligations as an app developer?

When dealing with personal information, such as app users’ names or email addresses, you need to comply with privacy law. There are regulations that restrict how you can collect, use, and share personal data. 

What is the Privacy Act?

The Privacy Act is New Zealand’s primary regulation for businesses and organisations that deal with personal information. If you do not comply with its rules, you can face potential fines or legal proceedings.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards