The answer, according to the California attorney general's office, is no. The federal Children's Online Privacy Protection Act, for instance, prohibits developers from gathering information on pre-teenagers without their parents' consent, while the Health Insurance Portability and Accountability Act could restrict certain types of medical information from being gathered from users, and finally California's Online Privacy Protection Act says that companies must explicitly disclose what kinds of personally identifiable information they collect, said LeBlanc.
Basically, to avoid privacy pitfalls, companies should operate as if everything they do is public, some said. "It only takes one person thinking about privacy in a critical way to make you a headline," said Lookout's Wyatt.
Sign up for CIO Asia eNewsletters.