Twenty-eight percent of U.S. adults use location-based applications like Facebook and Google Maps, and that number will grow, according to ISACA. Regulating geolocation data is in progress, so individuals and enterprises must be aware of the information they provide, collect and use.
Geolocation uses data to identify a physical location. It offers consumers convenience, discounts and easy sharing, and enables enterprises to deliver personalized services. But this increases the need for data management and controls.
As ISACA notes, malicious use of geolocation data can increase risk. When information (gender, race, occupation, financial history) is combined with a GPS and geolocation tags, criminals can identify a location, increasing the potential of espionage, burglary, theft, stalking and kidnapping.
Proposed U.S. legislation restricts whether companies can store location data from mobile devices, and a proposed amendment to the Children’s Online Privacy Protection Act (COPPA) addresses the collection of geolocation data from children under 13.
Collecting and using geolocation data pose risk to enterprises, including:
Privacy: Multiple entities have access to geo-tagging data, including service providers and wireless access developers. Users can’t always identify the source or owner of their location data.
Reputation: Enterprises risk their brand/reputation, when breaches occur.
Compromise: Secret locations and remote facilities/prototypes can be identified.
- Implement safeguards, leverage COBIT for policy development.
- Update the security of device operating systems and software.
- Make sensitive data (personal, financial, confidential) unreadable or inaccessible.
- Respect differing global privacy regulations.
- Implement a risk management policy that identifies where geolocation services add value and where they should be disabled.
ISACA advises people to follow a five-step “ROUTE” for informed use of geolocation:
- Read mobile app agreements, know what information you share.
- Only enable geolocation when benefits outweigh risk.
- Understand that others can track your current and past locations.
- Think before posting tagged photos to social media sites.
- Embrace the technology, and educate yourself and others.