> Posted by Jeffrey Riecke, Communications Assistant, CFI
Safeguards are taken in nearly all systems that handle personal information to try to keep confidential information confidential. But of course the success of these safeguards varies widely, as they’re contingent on any number of factors. Two such factors that are integral in considering the safety of information are the systems through which they travel and the places where they’re stored. Increasingly, the days of pen, paper, and filing cabinets are gone, and the days of computerized devices, satellites, and servers are here. For data enthusiasts, this creates an ocean of new opportunities. For privacy and security cautioners, this creates an equal number of new threats.
A recent report from the New America Foundation’s Open Technology Institute, Mobile Privacy and Information Security in Global Development Projects investigates concerns regarding personal information privacy and security, specifically within mobile phone-based development projects. The report asserts that by and large there are no best practices or guidelines in this development space, and that key risks here are rarely addressed.
In an effort to combat this, the report highlights pertinent privacy issues raised by such projects, investigates tangible privacy concerns in the developing world, and offers recommendations and best practices to support the integration of privacy safeguards into project planning and implementation.
As you might expect, the paper identifies some of the privacy risks of mobile financial services. Mobile money projects, like many other development initiatives, are often structured as public-private partnerships. As client data is shared between more project partners, the chances for it to be intercepted or leaked increases.
With the advent of biometric information for client identity verification, a new dimension of privacy concerns in financial services is added. (We wrote about India’s launch of such a project, Saral Money, earlier this year.) A leak of such data could expose information on individual’s fingerprints, eye scans, and even pictures of their faces, with the potential to be linked to their financial records. This content is incredibly potent, the paper warns, when combined with other information collected by phones, including communication records and location information.
The recommendations and best practices presented in the paper are tailored to development organizations and funders, though it’s noted that all involved parties – governments, telecoms companies, digital service providers – have important privacy and security roles as well. Here are the principles.
- Address Surveillance Risks – Take steps to ensure that user data is secure from third party surveillance
- Limit Data Collection and Use – Limit data collection to what is absolutely necessary for the project’s goals
- Promote and Facilitate Transparency – Be transparent about what data is collected, how it is shared, and how it might be used in the future
- Incorporate User Feedback – In addition to addressing user questions and concerns, projects should give users the ability to access, amend, and/or delete their data
- Assume Responsibility – Assume accountability for potential risks and harms incurred via their projects and platforms
The data privacy theme arose repeatedly during the deliberations of the Financial Inclusion 2020 working groups. In particular, the working groups on both technology and credit reporting highlighted the importance of giving users the ability to access and correct their data, as well as signing off on use of the data by third parties.
To access the full report, click here.
Image credit: frog
Have you read?