SP-003: Privacy Mobile Device Pattern
Privacy requirements in many jurisdictions require organisations to divulge any losses of mobile devices that include sensitive or confidential data. Examples of data that falls under privacy legislation or regulations includes customer records such as names and addresses, financial records, medical information, or any other Personally Identifiable Information (PII).
A pragmatic approach to protect this information is the use of encryption on the mobile device combined with strong authentication to ensure that the information cannot be recovered in the event of loss or theft.
Indications: You are in a regulated industry that processes PII on mobile devices, or are subject to laws such as SB1386.
Contra-indications: You do not process any PII or other confidential information on mobile devices.
Resistance against threats: TBD. List of the threats that the pattern can resist.
Related patterns: n/a
PL-05 Privacy impact assessment
SC-09 Transmission confidentiality
SC-13 Use of cryptograpy