SP-003: Privacy Mobile Device Pattern


Description:

Privacy requirements in many jurisdictions require organisations to divulge any losses of mobile devices that contain sensitive or confidential data. Examples of data that fall under privacy legislation or regulations include customer records such as names and addresses, financial records, medical information, or any other Personally Identifiable Information (PII).

A pragmatic approach to protecting this information is to use encryption on the mobile device combined with strong authentication, so that the information cannot be recovered in the event of loss or theft.

Indications: You are in a regulated industry that processes PII on mobile devices, or are subject to laws such as SB1386.

Contra-indications: You do not process any PII or other confidential information on mobile devices.

Resistance against threats: TBD. List of the threats that the pattern can resist.

References
Related patterns: n/a

Classification: Privacy

Release: 08.02

Authors: Spinoza

Control details

Module Client

Module Server

PL-05 Privacy impact assessment

SC-09 Transmission confidentiality

SC-13 Use of cryptography