Adhering to the right standards
Are there any standards we need to adhere to when making an app? When making an app, there are a number of things you need to consider and ask before you start building it. I won’t cover them all in this post, but some of the most important of these questions concern data protection and data integrity regulations.
Storing your users’ data
For a mobile app, people now expect their data to be stored and maintained for them across any device they use. The most obvious solution to this is to host the data in “the cloud”, where it’ll be hosted on hardware being maintained by a third party.
The benefits? Simply, it means lower costs for you, as you’re not managing and maintaining your own physical hardware. But it’s not without its issues – it does mean navigating the laws of different countries, as well as the rules of your own IT and legal departments.
So although this isn’t an in-depth guide, it should give you some idea about a few of the questions you should be raising with both departments when you’re thinking about implementing an app.
The legalities of data storage
Data security is a hot topic nowadays. Large companies have faced user backlash and large fines for failing to protect their users’ information. When you’re making an app, you need to plan for an appropriate level of security. Some of these security considerations are enshrined in laws like the Data Protection Act (1998) and the US’s safe harbor laws for EU data.
For companies within the EU, you can store your data in any other EU country, as their laws are aligned. Storing data in other countries like the US is a little more complicated. The US’s safe harbor list is a list of organisations that adhere to the US-EU safe harbor framework, meaning you would still be compliant keeping your data with these organisations. But these laws aren’t set in stone. Recent changes include the EU directive regarding the right for users to completely erase their online presence on request.
Not the end of the world, but these are things that are worth taking into consideration when you begin planning your app.
Managing your own IT department
On top of the legal requirements, your own IT department may have some security policies of their own. Do they, for example, require that all devices accessing company resources have a PIN? Should users be logged out after a certain length of time? Are there other systems you need to integrate with, such as an existing user management solution? Does data on the device need to be protected by more than just the mechanisms the platform provides, such as encrypted databases and secure communications between device and server?
As always, there are compromises to be made. You could always make the app adhere to every security standard by not allowing the user to do anything. If they can’t access the app, their data can’t be leaked, right?
So even with security as a priority, usability has to be kept in mind. If you make the app too hard or inconvenient to use in the name of protecting your users, they’ll just leave.
When you start planning for these issues, you’ll need to prioritise and choose how best to combine usability and security.