Welcome to our latest FAQ Friday — on privacy— where industry experts answer your burning technology and startup questions. We’ve gathered Minnesota authorities on topics from software development to accounting to talent acquisition and everything in between. Check in each week, and submit your questions here.

This week’s FAQ Friday is sponsored by The Jed Mahonis Group. The Jed Mahonis Group helps businesses strategize, design, develop, and deploy custom iOS and Android mobile applications. The company has partnered with many startups and large brands over the years to deliver software that is used by millions of people around the world, including companies such as Great Clips, Green Mill, VSI Labs, and Kwikly.

Meet Our FAQ Expert

Tim Bornholdt, Partner at The Jed Mahonis Group | @timbornholdt

Tim got his start in web development in the first grade, so he’s been building websites and apps for more than 20 years. In addition to being an accomplished software developer, Tim is also an award-winning videographer and podcaster. He currently edits the C Tolle Run podcast hosted by Olympian Carrie Tollefson, and he hosts the Constant Variables podcast where he breaks down complex mobile app development topics for entrepreneurs and product managers.

How can I design my product with privacy in mind?

This isn’t a question we’re often asked at the onset of a project but designing with privacy in mind is something we’re proactive about in our development process.

We employ Ann Cavoukian’s Privacy by Design approach when dealing with our apps.

Seven Privacy Principles

1. Privacy considerations should be proactive, not reactive

All it takes is one hack or one step of negligence from an employee, and you’re showing your users that you can’t be trusted with their data. At best, that means your users will leave to go to your competitor, and at worst, they’ll leave you with a PR and financial nightmare. Treating your customers’ data with care and respect from the moment it’s given to you will pay dividends.

When you are dealing with customer’s private data, you should do everything you can to prevent an infraction from occurring. Instead of reacting to bad actors, you should think through possible scenarios from day one and mitigate those risks right off the bat.

2. Privacy as the default setting

privacy_dataWhen you download a new app, how often is the first, second, or even twentieth thing you do within that app is look at the privacy settings? Making a users’ information private by default and giving them the control to share their data inspires trust and being a product people trust can be a key differentiator among your competitors.

To learn how consideration of user privacy can be a market differentiator, especially when targeting Millennials and younger generations, listen to this interview with security expert Adam Stone of Secure Digital Solutions.

3. Embedding privacy into the design

Making privacy considerations an integral part of the design process, from ideation to launch to new feature rollouts, keeps privacy at the forefront of every decision without affecting functionality.4.

4. Using a positive sum approach, not negative sum

A negative sum approach to privacy would be an app that requires personal information in order to use it. But it doesn’t have to be all or nothing. Designing an app with a positive sum approach balances full functionality with the minimally required data requested of a user, meaning a user who doesn’t want to share their data can still download and use your app with the same functionality as a user willing to share their information.

5. End to end security

Data should be secure from its creation to its destruction. When a user types in their email and password into your system, that information should be secured and encrypted from the time it leaves their device until it reaches your servers. Once you are in possession of it, you should secure it until the data is ready to be destroyed. When the time comes to delete it, it should be destroyed securely and completely.

6. Transparency

Be open about how a user’s information will be stored and used. An independent party should be able to verify that you, in fact, handle your customer’s data with the care you promise in your privacy policy.

7. Respect for user privacy

Keep your options and terms user-centric and user-friendly. For example, you should make your privacy policy easy to find and easy to understand, which leads well into our next question.

Why should my product have a privacy policy and what should it include?

A privacy policy outlines how user information is collected, stored, used, and shared, with contact information provided for anyone with questions. Users have a right to know how their information is being used, a right that is generally protected by law, as laws differ in regards to what and who is protected and are dependent on where you live or do business.

A privacy policy not only protects your users, but it also protects you in the event your product is hacked and private information is stolen.

What your privacy policy covers will depend on your industry, your location, and even your clients’ locations.

The Better Business Bureau provides tips on how to write a policy and what to address, and it’s always a good idea to seek legal counsel to make sure your privacy policy fully protects you in the event of an issue.

Still have questions? Ask Tim and The Jed Mahonis Group team questions on privacy and more on Twitter at @timbornholdt.