Health and Biometric Data Type Declaration Mismatch
Health and Biometric Data Type Declaration Mismatch
Description
If the Health and Biometric data type declaration in your privacy policy does not match the actual usage of such data, it could lead to potential legal and regulatory issues, as well as erode trust with users who may feel their sensitive information is not being handled appropriately.
Recommendation
To mitigate vulnerability, ensure that the health and biometric data type declaration in your privacy policy accurately reflects how this data is collected, stored, and used within your organization. Regularly review and update your privacy policy to align with any changes in data handling practices and ensure transparency with users about how their sensitive information is being managed. Conduct regular audits and assessments to ensure compliance with relevant regulations and industry best practices.
Links
- Android Privacy Guidelines
- Privacy Policies for Mobile Apps
- Apple Privacy Manifest
- CWE-359: Exposure of Private Information ("Privacy Violation")
Standards
- OWASP_MASVS_L1:
- OWASP_MASVS_L2:
- OWASP_MASVS_RESILIENCE:
- CWE_TOP_25:
- GDPR:
- ART_5
- ART_6
- ART_7
- ART_9
- ART_11
- ART_13
- ART_15
- ART_16
- ART_17
- ART_32
- CCPA:
- CCPA_1798_100
- CCPA_1798_105
- CCPA_1798_110
- CCPA_1798_115
- CCPA_1798_120
- CCPA_1798_125
- CCPA_1798_130
- CCPA_1798_135
- CCPA_1798_140
- CCPA_1798_150
- PCI_STANDARDS:
- OWASP_MASVS_v2_1:
- MASVS_PRIVACY_1
- MASVS_PRIVACY_2
- MASVS_PRIVACY_3
- MASVS_PRIVACY_4
- OWASP_ASVS_L1:
- OWASP_ASVS_L2:
- OWASP_ASVS_L3:
- SOC2_CONTROLS:
- CC_2_3
- CC_5_3