2.9-LTS
Platform
Domains
Design SystemAcademyFeedback

Security & Privacy Guidelines For Product Developers

  1. Secure Application Development

    • Adhere to Secure Coding Standards: Manual and Automated Code Reviews to ensure OWASP guidelines are followed for secure coding to prevent vulnerabilities.

    • Data Storage: Leverage Persister Service when storing data and Encryption Service to encrypt sensitive data before storage.

    • Data Anonymization: Anonymize PII before emitting data for analysis or reporting.

    • Third-Party Security Testing: Conduct 3rd security penetration testing and vulnerability assessments.

  2. Data Minimization: Collect and process only the data necessary for the functionality of the product.

    • Data Collection: Design forms to capture only such data from users that have well-defined purposes.

  3. User Privacy

    • Purpose Limitation: Ensure users are informed about what data is collected, who will access the data and for what purpose. This information should be updated in the Terms and Conditions.

    • User Access: Provide citizens with the ability to view and request changes to their personal data, e.g. corrections in spelling of names, updating address, etc.

  4. Notice and Consent

    • Create a privacy policy, which details what information is collected, which roles have access to it, and the purpose of such access / usage.

    • Publish a notice, with a link to the privacy policy, on the login page. Users should indicate that they have read and accepted these terms before they are able to login.

PreviousSecurity & Privacy GuideNextSecurity & Privacy Guidelines For Solution Implementing Agencies

Last updated

All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.