Regulating use of geolocation data still in its infancy

Anuradha Shukla | Sept. 29, 2011
ISACA cautions individuals to be aware of the information they are sharing.

Regulating the use of geolocation data is still in its infancy and a new ISACA white paper cautions individuals to be aware of the information they are sharing.

ISACA is a global provider of knowledge, certifications, community, advocacy, and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance.

In its newly released white paper "Geolocation: Risk, Issues and Strategies," ISACA emphasises that enterprises must act now to protect themselves and the information they provide, collect and use.

In the hands of an unauthorised person, geolocation data can put both an individual and an enterprise at risk.

"Geolocation is becoming more and more a real source of commercial and financial benefits for organisations, but unfortunately, as with any technology that becomes popular, geolocation becomes also more and more interesting for hackers, scammers and spammers," said Marc Vael, CISA, CISM, CGEIT, CISSP, chair of the Knowledge Board and Cloud Computing Task Force at ISACA. 

"That is why this ISACA white paper is right on time to bring an independent but constructive view on the risks and issues, as well as strategies to follow in order to use geolocation in a sensible manner."

Enact rules

Regulators in the US are now making efforts to enact rules regarding how companies can use geolocation data.

"We need policies that will establish 'privacy by design' to instill trust across the enterprise and guard against malicious use of location information," said Marios Damianides, CISM, CISA, CA, CPA, past international president of ISACA and partner, advisory services, at Ernst & Young.

"In Europe, regulators are aware of such concerns and are referring to the existing data privacy legislation for rules regarding how companies can use geolocation data from individuals (independent of age), customers and employees since this is also considered personal data," said Ramsés Gallego, member of ISACA's Guidance and Practices Committee and security strategist and evangelist at Quest Software. 

ISACA suggests that enterprises should implement technology safeguards, regularly update the operating systems, classify data, and implement an effective risk management policy that identifies where geolocation services add value and are to be utilised.

Consumers and employees should read mobile app agreements to see what information they are sharing, enable geolocation only when the benefits outweigh the risk, understand that others can track their current and past locations, and think before posting tagged photos to social media sites.

