Privacy Policy – “There’s an app for that, or else…”

Posted on Thursday, Feb. 14th 2013 by 3Cinteractive in 3CInsider, Security

In December of 2012, California’s attorney general (AG) filed a lawsuit under the California Online Privacy Protection Act, also referred to as CalOPPA. The suit against Delta Airlines is one of the AG’s most high-profile cases alleging that a company failed to give users of mobile applications proper notice of specific privacy practices. In short, the suit claimed that the users of the Delta app were not made aware of how their information would be used. The primary focus of the act was originally websites, viewed by California as “online services”. Any website collecting personally identifiable information (PII) that does not have a conspicuous privacy policy in place is fair game under this act (but it’s hard to imagine how many sites don’t have a privacy policy).

The new twist is that the California AG is now expanding CalOPPA to include mobile applications. What may also be surprising to some is that CalOPPA has existed since 2004, but notification of mobile app inclusion began a year ago. Since February 2012, Google, Apple, Facebook, HP, Microsoft, Research in Motion and Amazon have jointly agreed to privacy principles ensuring compliance with CalOPPA. The California AG, Kamala D. Harris, is supported by a state enforcement and protection unit that sends warning letters to online service providers found to be out of compliance. The deadline to inform Harris as to when compliance will be met is a brisk thirty days, after which a fine of $2,500 per application download can be levied. Let that one sink in for a moment: per download. So this is no small sum for even a moderately popular app.

Law firms and privacy bloggers are now buzzing about CalOPPA, because apparently the requirements are catching many mobile application developers, and their clients, off guard. Not all applications are in scope of course, just those that collect PII and/or location data. To comply fully with the act, a mobile app must have a conspicuously posted privacy policy, and the policy must detail how the information will be collected, used and shared. The requirements of the act may appear simple, but they are simpler for applications yet to be developed than for those that already exist. Where this becomes a complex business problem is the California AG’s expectation that the privacy policy be included within the app. For those apps not in compliance, this means an update push and an attempt to pack lengthy privacy language into a mobile device’s form factor.

AG Harris states on her website that “Protecting the privacy of online consumers is a serious law enforcement matter.” The enforcement that is now taking place is going to serve as a serious wake-up call to all online service providers that collect information about Californians, i.e., basically all providers. This is not California’s first trailblazing foray into privacy. In 2003, the California Security Breach Information Act became a state law. Commonly known as SB-1386, this law made the owners of any breached sites collecting PII of Californians responsible for notifying all affected parties. Massachusetts took this concept much further in 2010 with their Data Protection Law (MA 201). The MA 201 law is designed to protect the citizens of Massachusetts by requiring compliance with a set of security standards for “every person who owns, licenses, stores or maintains personal information about a resident of the Commonwealth…”. The law includes language on access control, encryption, firewalls, and awareness training.

So what would drive California and Massachusetts to have detailed security provisions regarding privacy and PII collection?  How does this impact my business and are these two the only states of concern?  It isn’t as if you are likely to refuse California, Massachusetts or any other state’s (or even country’s) business to avoid complying with these laws.  When it comes to addressing data breaches, there are multiple state laws with varying degrees of strictness.  In fact, according to the National Conference of State Legislatures, all but four states have security breach notification laws as of August 2012.  The likely reason for such impactful state laws is the lack of a clear federal regulation to provide one singular, cohesive and comprehensive set of laws that meet even the minimal requirements of all state laws.

Cybersecurity legislation had an embattled run in 2012 with no resolution. The 113th Congress in 2013 is expected to pick up the topic and an Executive Order is likely to be signed this month. Until then, states will continue to prepare legislation that protects their residents’ data regardless of the location of the online services provider. Now that California is touching the third screen with CalOPPA, time will tell how soon other states may follow suit. Now would also be a good time to review your mobile applications and the necessary privacy policies, before your letter arrives.

About the Author:

3Ci's John Ceraolo

John Ceraolo is the chief security officer at 3Cinteractive where he directs the organization’s enterprise risk management, business continuity, and information security. Ceraolo has been leading security initiatives within global organizations for over 20 years.



3Ci’s Corporate Build for Habitat For Humanity

Posted on Thursday, Feb. 7th 2013 by 3Cinteractive in 3Community, Philanthropy

Last Friday, February 1st, we took a day away from the office to help build homes for Habitat for Humanity of South Palm Beach County. About 50 volunteers from our office came out to help construct a couple of homes in Ocean Breeze West, a development of 21 single-family homes in the Heart of Boynton Beach, FL.

We split up into two different groups to help work on separate houses. Half of the group hung drywall in one house while the other nailed shingles to the roof of the other. We enjoyed meeting and working alongside the deserving future owners of each of these new homes. It was a great team-building project and we hope this build is the first of many!

Check out pictures from our build on Facebook!

About Habitat for Humanity of South Palm Beach

Habitat for Humanity of South Palm Beach County is a nonprofit, volunteer-driven organization that works to provide affordable homeownership opportunities for hardworking and deserving families in South Palm Beach. Habitat for Humanity of South Palm Beach County relies solely on local funding support and volunteer efforts to achieve its goals and mission. For more information, visit habitatsouthpalmbeach.org.

About Habitat for Humanity International

Habitat for Humanity International is an ecumenical Christian ministry that welcomes to its work all people dedicated to the cause of eliminating poverty housing. Since its founding in 1976, Habitat has built, rehabilitated, repaired or improved more than 400,000 houses worldwide, providing simple, decent and affordable shelter for more than 2 million people. For more information, or to donate or volunteer, visit www.habitat.org.



DMF Annual WalkAbout Autism

Posted on Monday, Feb. 4th 2013 by 3Cinteractive in 3Community, Philanthropy

On Saturday, January 26th several 3Ci team members joined more than 25,000 others at Sun Life Stadium to raise awareness for those touched by autism. The third annual DMF WalkAbout Autism generates awareness and raises much needed funds for South Florida programs benefiting children and young adults living with autism. The DMF WalkAbout Autism is always an anticipated event for us as we enjoy supporting such a great cause. Thank you to the Marino Foundation for all you do in the community and for those affected by autism. Since its beginning the WalkAbout has raised over $1 million for local charities.



The Revolution of Mobile

Posted on Friday, Jan. 25th 2013 by 3Cinteractive in 3CInsider, Marketing

The mobile revolution is upon us. Newer segments of mobile such as location based services (LBS) and mobile payments are changing the way consumers use their mobile devices. Companies are now taking a more holistic approach to mobile by incorporating messaging, voice, mobile web and apps together throughout the customer lifecycle. 3Ci’s VP of marketing discusses how the innovations of smartphones and their advancing capabilities have revolutionized the way businesses are approaching consumer engagement in the U.S. today.

About The Author:
3Ci VP of Marketing, Jeff Michaud

Jeff Michaud is the vice president of marketing for 3Cinteractive. Michaud is responsible for managing 3Ci’s brand direction and market positioning, product marketing, customer acquisition and sales support, as well as oversight of its corporate communications.



America’s Most Promising Company On A Sales Meeting Gone Wrong (Forbes)

Posted on Thursday, Jan. 24th 2013 by 3Cinteractive in Marketing, Media

This video was originally published by Forbes on January 23, 2013 by JJ Colao, Entrepreneur Writer, Forbes.

3Ci President Mike FitzGibbon discusses the worst sales meeting of his life, and how it provided a turning point in building America’s Most Promising Company.

The original story can be found at http://www.forbes.com/sites/jjcolao/2013/01/23/americas-most-promising-company-on-a-sales-meeting-gone-wrong/.



Forbes Names 3Cinteractive America’s Most Promising Company

Posted on Thursday, Jan. 24th 2013 by 3Cinteractive in Entrepreneurship, Press Releases

Leading mobile platform company takes the top spot on the list of high-growth, privately held U.S. companies

3Cinteractive®, a leading mobile platform company, announced it ranked #1 on Forbes’ list of “America’s Most Promising Companies”. The third annual list recognizes U.S.-based, high-growth, privately held companies. The full list of companies will be available online at www.forbes.com February 6th.

“It is an honor to rank at the top of Forbes’ list of America’s Most Promising Companies,” said John Duffy, 3Cinteractive’s founder and CEO. “This recognition is a testament to our amazing team and their tireless work ethic, as well as our world-class clients and partners who make our success possible. We will continue to invest in our Switchblade platform to help our clients create stronger engagement with consumers on their mobile devices in ways that drive measurable, profitable results.”

To view 3Ci’s AMPC online profile visit: http://bit.ly/UlvC16



I Am Voicemail, And So Can You!

Posted on Wednesday, Jan. 16th 2013 by 3Cinteractive in 3CInsider, Security

Mobile phones began with basic features and built on these to bring us what we have today – a computer built around a phone. For the purpose of this discussion, “basic features” are phone calls, voicemail, and SMS. Much has been written about security and SMS, but you see little about the security of voicemail, unless you count the News International phone hacking scandal. This type of hacking involves a method known as pretexting, whereby the hacker calls a customer service representative and impersonates their victim using personal details in order to gain passwords into voicemail, email, etc.

This is not something that the average person can do, nor should they try, considering that today pretexting can get you 10 years in prison. But what if it wasn’t that hard and little to no work was needed to gain access to voicemail? What about your voicemail?

One of the many beautiful things about a mobile phone is that in order to hear your voicemail, you usually have to push a button. You were likely advised by an SMS message that you had a missed call and from whom, etc. Gone are the days of bulky machines at home or the next huge technological advancement: calling a carrier phone number, punching in a few more digits and being forced to listen to your messages sequentially. Now, we can see a whole menu of who called and when, and play the messages back in any order we wish. That is, as long as we are doing this from our mobile phone.

Of course, from where else would we check our voicemail? Sometimes we might forget our mobile phone (a thought that strikes terror in many) and will want to check messages remotely. Depending on the make, model and carrier, you can call a central toll-free number that asks for your cell number and password. Another approach is simply calling your own mobile number and pressing “*” or “#” during your voicemail message, which interrupts the greeting and asks for a password. Note that you aren’t prompted for a password when calling from your mobile, so the added security required when calling from another phone is an excellent feature. The downsides are a) do you remember your password and b) do you even have one? Likely the staff at the store that sold you the phone set this up with you or, in your excitement, you just left it as the default, which is not a good idea. Search on the Internet for your phone type and default voicemail password and you may be surprised to find this is what you have been using. But if you never typed it in (remote access), then you wouldn’t know it!

By using the mobile phone feature to access voicemail, keying in the password was never required. This “set it once and forget it” complacency has led many of us to let our guard down and not put the same emphasis on the voicemail password as we do on our phone-locking PIN or desktop computer password. That little tidbit is not lost on attackers, who can leverage default or non-existent voicemail passwords to their advantage. So what can you do? Fortunately you have several choices: disable/never use voicemail in the first place or set a strong voicemail password that you change occasionally. Most of us prefer to get a message, so disabling voicemail is not a very popular option. Changing passwords on your voicemail can also be a little tricky, as the application will ask you first to type in your old password, something you may not know. Carefully review the procedures for your phone type before starting this process.

Knowing what is happening with access to your voicemail is also an important, although often neglected, piece of information. Not all services yet send you notifications of suspicious voicemail access attempts, but this should be something all providers offer. You’ll know something is not right when messages you haven’t already heard are flagged as not new, or when there is an increase in the number of callers telling you they left a message that you never received.

The News International scandal broke two years ago, but the risk to all mobile users’ voicemail is still prevalent if we don’t take the proper steps. Blog posts covered the topic back in 2011, but it never hurts to reiterate the steps you should take to avoid becoming a victim.

About the Author:

3Ci's John Ceraolo

John Ceraolo is the chief security officer at 3Cinteractive where he directs the organization’s enterprise risk management, business continuity, and information security. Ceraolo has been leading security initiatives within global organizations for over 20 years.