Resources Best Practices

Best Practices

The Future of Privacy Forum has compiled a centralized resource of current standards and best practices. We hope that this will be a useful tool that gives privacy insiders access to the various guidelines and recommendations for each sector. FPF will continue to add to this resource as more standards and best practices are developed.

Comments or questions? Do you have a relevant best practice, standard or guideline? Let us know at info@futureofprivacy.org

Apps

Association for Competitive Technology - App Trust Project (Sept. 2012)

  • A resource for developers when working to design transparency and notification systems in mobile apps.

 

California Attorney General - Privacy Recommendations on the Go (Jan. 2013)

  • A set of privacy practice recommendations to improve practices in the mobile marketplace and encourage app developers to consider privacy early in their development process.

 

Electronic Frontier Foundation - Mobile User Privacy Bill of Rights (Mar. 2012)

  • A list of rights and technical practices that developers can implement in order to respect user privacy.

 

Federal Trade Commission - Mobile Privacy Disclosures: Building Trust Through Transparency (Feb. 2013)

  • Several suggestions from the FTC for major participants in the mobile ecosystem as they work to improve privacy disclosures.

 

Future of Privacy Forum / Center for Democracy & Technology - Best Practices For Mobile App Developers (June 2012)

  • Guidelines for mobile app developers to build privacy into their apps, better inform and empower end-users, and foster trust and confidence in the mobile app ecosystem.

 

GSMA - Privacy   Design Guidelines for Mobile Application Development (Feb. 2012)

  • Guidelines that seek to articulate the GSMA’s Mobile Principles in functional terms for mobile application design.

 

Lookout Mobile Security - Mobile App Advertising Guidelines (June 2012)

  • A set of guidelines to help those building and integrating in-app  mobile advertising technologies in order to understand what is acceptable and what is not in the mobile ecosystem.

 

Mobile Marketing Association - Privacy Policy Framework (Dec. 2011)

  • Model privacy policy language for mobile application developers.

 

National Telecommunications & Information Administration - Code of Conduct for Mobile App Transparency (July 2013)

  • As chartered by the White House’s “Consumer Privacy Bill of Rights,” the NTIA-convened privacy multistakeholder process to develop  a code of conduct in order to provide transparency in how companies providing applications and interactive services for mobile devices that handle personal data.

 

Office of the Privacy Commissioner of Canada -  Seizing Opportunity: Good Privacy Practices for Mobile Apps (Oct. 2012)

  • The Office of the Privacy Commissioner of Canada and the Offices of the Information and Privacy Commissioner of Alberta and British Columbia released joint best practices guidance for designing and developing mobile apps.

 

U.S. Department of Health and Human Services - Mobile

  • Mobile initiatives and resources from the Department of Health and Human Services.

 

Education

Software & Information Industry Association - Best Practices for the Safeguarding of Student Information Privacy and Security for Providers of School Services (Feb. 2014)

  • These privacy and security best practices are intended as guidance for providers of educational services to educational institutions to the extent that they collect, disseminate, use or maintain personally identifiable information about students (student PII).
Kids Privacy

Aristotle - COPPA Program & Verifiable Parental Consent

  • A Federal Trade Commission (FTC) approved safe harbor provider for websites that control all of the technical services necessary to meet the updated Children's Online Privacy Protection Act (COPPA) Rule's standards.

 

Children's Advertising Review Unit - Self-Regulatory Program for Children's Advertising

  • The Children's Advertising Review Unit's (CARU) standards for advertising directed to children that ensure such ads are not deceptive, unfair or inappropriate.

 

Entertainment Software Rating Board  - Kids Privacy Online Seal 

  • The Entertainment Software Rating Board's (ESRB) seal program establishes requirements if any part of a member company's website is directed to children, or the company has actual knowledge that it collects personal information from children under 13 years of age.

 

Federal Trade Commission - Mobile Apps for Kids: Current Privacy Disclosures are Disappointing 

  • The FTC's report surveying the privacy practices of children's apps and recommending that members of the children's app ecosystem provide greater transparency about their data practices.

 

Federal Trade Commission - Mobile Apps for Kids: Disclosures Still Not Making the Grade

  • The FTC's follow up report examining the disclosures and data sharing practices of children's apps with recommendations to improve privacy protections.

 

kidSAFE - Seal Program 

  • A "seal of approval" program that independently reviews and certifies the safety practices of child-friendly websites and technologies, including kid-targeted sites, social networks, apps, and other interactive and online products.

 

MOMS with Apps - Best Practices for Kids Apps 

  • Guidelines  created by the Association of Competitive Technology (ACT) for using a logo, which will signal to parents that the mobile app developers designed their app with privacy in mind.

 

Privo - COPPA Safe Harbor Certification Program 

  • An infomediary service that is recognized by the FTC as an approved COPPA safe harbor program.

 

 

Location

 CTIA - The Wireless Association - Best Practices for Location Based Services (Mar. 2010)

  • Guidelines to promote and protect user privacy as Location Based Services are developed and deployed.

 

Digital Signage Federation - Digital Signage Privacy Standards (Feb. 2011)

  • Guidelines related to data collection and use through digital signage for digital signature companies, partners, and host venues.

 

Future of Privacy Forum - Mobile Location Analytics Code of Conduct (Oct. 2013)

  • FPF has worked with a group of leading technology companies to develop best practices for mobile location analytics. These companies provide solutions to retailers by developing aggregate reports used to reduce waiting times at check-out, to optimize store layouts and to understand consumer shopping patterns.  The reports are generated by recognizing the Wi-Fi or Bluetooth MAC addresses of cellphones as they interact with store Wi-Fi networks. The FPF worked with the technology companies to develop a Code to ensure that appropriate privacy controls are in place as retailers seek to improve the consumer shopping experience.

 

POPAI - The Global Association for Marketing Retail - Best Practices: Recommended Code of Conduct for Consumer Tracking Research (2010)

  • Guidelines on data gathering and storing for entities that utilize Observed Tracking Data (OTD) for marketing purposes.
Market Research

 CASRO - Code of Standards and Ethics for Market, Opinion, and Social Research (2014)

  • Principles to help distinguish the research industry's information gathering and analytical activity from separate marketing and advertising efforts. Focuses on compliance guidelines for research and duties researchers owe to research participants.

 

ESOMAR - Guidelines for Conducting Mobile Market Research (2012)

  • Guidelines that cover the collection of information by mobile devices (i.e. mobile phones, tablets and other similar mobile computing devices) for market, opinion or social research purposes.

 

Information & Privacy Commissioner of Ontario - Best Practices for Protecting Individual Privacy in Conducting Survey Research (1999)

  • The Information & Privacy Commissioner' (IPC) collaborated with the Ministry of Labour and the Corporate Freedom of Information and Privacy Office of Management to develop best practices for survey research that involves the collection, retention,   use, disclosure, and disposal of personal information.
Mobile

App Quality Alliance -  Best Practice Guidelines for developing Quality Mobile Apps (June 2013)

  • Mobile app design guidelines that include consumer-privacy focused recommendations.

 

Center for Democracy & Technology - RFID Best Practices (2006)

  • Best practices designed to promote respect for consumer privacy in the growing use of Radio Frequency Identification (RFID) technology in commercial applications.

 

Digital Advertising Alliance - Guidelines for Mobile Ad Data (July 2013)

  • Guidance for member companies on how the existing Digital Advertising Alliance's Self-Regulatory principles apply to certain types of data in the mobile device environment.

 

Electronic Transaction Association - Best Practices and Guidelines for Mobile Payments (2012)

  • Best practices for mobile payment solutions that includes guidance for merchants and commonly used terms.

 

GSMA - Mobile Privacy Principles (Mar. 2012)

  • A user-centric privacy framework for the mobile ecosystem developed by GSMA.

 

Mobile Marketing Association - Mobile Marketing Best Practices (July 2013)

  • A comprehensive list of Mobile Marketing Association’s mobile guidelines for marketing on the mobile platform.

 

Network Advertising Initiative - Mobile Application Code (July 2013)

  • Guidance for member companies on how the Network Advertising Initiative's Code applies to data practices in the mobile marketplace.

 

W3C - Mobile Web Best Practices Working Group (Dec. 2010)

  • As part of the "Mobile Web Initiative," W3C members chartered a working group to develop a set of technical best practices and associated materials in support of the development of web sites that provide an appropriate user experience on mobile devices.

 

Online Advertising

Digital Advertising Alliance - Self-Regulatory Principles for Online Behavioral Advertising (Oct. 2010)

  • Seven principles developed by the Digital Advertising Alliance (DAA) that apply broadly to a wide-range of actors, working interdependently, to deliver behavioral advertising.

 

Direct Marketing Association - Email Delivery Best Practices  (2005)

  • Best practices for marketers that are seeking to maximize the delivery of communications with customers who have given their consent/permission to be contacted via  e-mail.

 

Direct Marketing Association - Guidelines for Ethical Business Practice (2014)

  • Guidelines that provide individuals and organizations involved in direct marketing with generally accepted principles of appropriate conduct.

 

Direct Marketing Association - Real-Time Direct Marketing: Best Practices in the Digital Age (2011)

  • Best practices for marketers that use real-time direct marketing technologies.

 

Federal Trade Commission - Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business & Policymakers (2012)

  • An executive summary from the FTC that discusses a framework for companies to  innovate and deliver better products and services without compromising consumer privacy.

 

Federal Trade Commission - Self-Regulatory Principles for Online Behavioral Advertising (2009)

  • A staff report that examines behavioral advertising that involves the Commission, industry, consumer and privacy organizations, and individual consumers.

 

PrivacyChoice - Best Practices for Opt Outs (2009)

  • Self-regulatory rules of the road for advertising networks developed by PrivacyChoice.

 

Software & Information Industry Association - Social Advertising Best Practices for the Social Marketer (2012)

  • Core principles developed by the Software & Information Industry Association (SIIA) that can increase the effectiveness of social   advertising campaigns.

 

TRUSTe - Privacy Best Practices: Protecting Customer Information Online

  • Key examples of the best practices that TRUSTe recommends for businesses  to build trust with consumers.

 

Privacy Certification/Compliance

Better Business Bureau - Seal For The Web

  • The Better Business Bureau's (BBB) compliance program for member companies that must adhere to their  Code of Business Practices, including its online standard.

 

Entertainment Software Rating Board -  Privacy Online Seal

  • The Entertainment Software Rating Board (ESRB) requires its member companies obtain their Privacy Seal when collecting, using and disclosing personal information in the online context.

 

PrivacyChoice - Privacy Score

  • PrivacyChoice's analytic tool that scores websites based on their information disclosures and data tracking capabilities.

 

TRUSTe's - Privacy Seal

  • The seal enables companies to safely collect and use customer data in order to power their digital business via TRUSTe's certification that ensures compliance.

 

 

Smart Grid

Department of Energy - Voluntary Code of Conduct for Third Party Access to Data (in progress)

  • A task force that is developing a voluntary code of conduct to address privacy issues related to data enabled by smart grid technologies.

 

Future of Privacy Forum & TRUSTe - Privacy Smart Seal

  • Privacy guidelines to govern the collection, storage and disclosure of consumer energy data.

 

National Institute of Standards and Technology - Guidelines for Smart Grid Cybersecurity: Vol. 2 Privacy and the Smart Grid (Mar. 2013)

  • A consensus document by a diverse subgroup to explore privacy concerns and recommendations for data enabled by smart grid technologies.

 

Social Media

CASRO - Social Media Research Guidelines (2011)

  • Augments CASRO's Code of Standards and Ethics for marketing research for use with research on social media.

 

Cmp.ly - Social Media Disclosures

  • A start-up that provides several solutions to automate compliance and fulfill regulatory obligations in the social media space.

 

Electronic Frontier Foundation - Bill of Privacy Rights for Social Network Users (May 2010)

  • Three basic privacy-protective principles that the Electronic Frontier Foundation (EFF) believes social network users should demand when using these services.

 

Gigya - Social Privacy Seal

  • A certification seal of data management practices for online sites or services that use social login to authenticate users.

 

 

Texting

Department of Health & Human Services - Social Media Guidelines & Best Practices (June 2010)

  •  How to use text messaging to disseminate health messages according to the Centers for Disease Control and Prevention (CDC).

 

Mobile Marketing Association -  Guide to Text Messaging Regulations & Best Practices (2013)

  •  The Mobile Marketing Association's (MMA) guidelines for mobile marketers regarding the many rules of text message marketing.

 

 

Privacy Calendar

Nov
7
Fri
all-day George Washington Law Review 201... @ George Washington University Law School
George Washington Law Review 201... @ George Washington University Law School
Nov 7 – Nov 8 all-day
Save the date for the GW Law Review‘s Annual Symposium, The FTC at 100: Centennial Commemorations and Proposals for Progress, which will be held on Saturday, November 8, 2014, in Washington, DC. This year’s symposium, hosted in[...]
Nov
11
Tue
10:15 am You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
Nov 11 @ 10:15 am
EFF Staff Attorney Hanni Fakhoury will present twice at the Oregon Criminal Defense Lawyers Association’s Annual Sunny Climate Seminar. He will give a presentation on government location tracking issues and then participate in a panel[...]
Nov
12
Wed
all-day PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
Nov 12 all-day
The Privacy and Civil Liberties Oversight Board will conduct a public meeting with industry representatives, academics, technologists, government personnel, and members of the advocacy community, on the topic: “Defining Privacy.”   While the Board will[...]
Nov
20
Thu
all-day W3C Workshop on Privacy and User... @ Berlin, Germany
W3C Workshop on Privacy and User... @ Berlin, Germany
Nov 20 – Nov 21 all-day
The Workshop on User Centric App Controls intents to further the discussion among stakeholders of the mobile web platform, including researchers, developers and service providers. This workshop serves to investigate strategies toward better privacy protection[...]
Dec
2
Tue
all-day IAPP Practical Privacy Series 2014
IAPP Practical Privacy Series 2014
Dec 2 – Dec 3 all-day
Government and FTC and Consumer Privacy return to Washington, DC. For more information, click here.
Dec
11
Thu
9:00 am Progress of the EU Data Protecti...
Progress of the EU Data Protecti...
Dec 11 @ 9:00 am
The EU Member States have agreed to conclude the negotiations on the EU Data Protection draft Regulation in 2015. The process will have arrived at a critical point by the end of this year. The[...]

View Calendar