Two weeks ago my company hosted a Data Protection Symposium for IT professionals at school districts across Texas. Members of our property and school liability programs have privacy and information security coverage included. Just like the medical field that is transitioning to digital records, schools are increasingly incorporating technology into business as usual. But that means that students’ and their families’ information is at risk of being accessed.
Data breaches can be very costly. The average cost per compromised record is $145. Although there are many opportunities for breaches to occur, one in particular, is in using third party apps to collect and/or use data.
Companies use third party apps all the time to communicate with customers. Some of the most common examples are our favorite social media channels: Facebook, Twitter, and Instagram. Companies don’t own the material transmitted through these apps, instead, the apps have their own individual privacy policies. However, when a customer interacts with Company X through their Facebook page, she’s not thinking about Facebook’s involvement, just that she’s speaking with Company X.
So why not just avoid apps?
That would only work if companies, and in our case, school districts, could keep up with technology and create their own tools to meet all their needs. This isn’t realistic for even the most advanced company. There is no need for 1,200 districts in Texas to each have its own apps for teaching aids, or lesson planning tools or communication channels. Shared apps are just more convenient.
Keep It Safe, Silly
There are steps that companies (and schools) can take well in advance of a breach to make sure their customers’ (families’) data stays secured in third party apps.
- Stick to surface-level information.
Don’t use a third party app for sharing sensitive information like social security numbers or health data. Third party apps are best for public information that wouldn’t lead to identity theft if discovered.
- Maintain your owned channels.
Make sure your official website and contact information are prominently displayed on your profiles of third-party apps. That way if there is private information that needs to be shared, your customer (family) can do so directly with you.
- Have a crisis plan.
These days it’s not a matter of whether you’ll have a breach, but when. Make sure you back up important data that is coming in through third-party apps. Ask your insurance or risk management company whether or not your policy includes coverage.
What responsibility to companies have to communicate third party privacy policies to customers?