50% of Smart phone users globally * access location-based applications such as Facebook, Groupon and Google Maps on their mobile devices, and that number is expected to grow significantly. But a new ISACA white paper cautions that regulating the use of geolocation data is still in its infancy, so individuals must be aware of the information they are sharing and enterprises must act now to protect themselves and the information they provide, collect and use.
Geolocation uses data acquired from a computer or mobile device to identify a physical location. Applications using this technology offer consumers greater convenience, discounted prices and easy information sharing, and enable enterprises to deliver more personalized customer service and offers. But as geolocation services become more common, the need for data management and enterprise controls increases significantly.
As ISACA's new white paper, "Geolocation: Risk, Issues and Strategies," points out, malicious use of geolocation data can put both an individual and an enterprise at risk. When a person's personal information, such as gender, race, occupation and financial history, is combined with information from a GPS and geolocation tags, the data can be used by criminals to identify an individual's present or future location. This raises the potential of threats ranging from burglary and theft to stalking and kidnapping.
"Geolocation is becoming more and more a real source of commercial and financial benefits for organisations, but unfortunately as with any technology that becomes popular, geolocation becomes also more and more interesting for hackers, scammers and spammers," said Marc Vael, CISA, CISM, CGEIT, CISSP, Chair of the Knowledge Board and Cloud Computing Task Force at ISACA. "That is why this ISACA white paper is right on time to bring an independent but constructive view on the risks and issues, as well as and strategies to follow in order to use geolocation in a sensible manner."
Marios Damianides, CISM, CISA, CA, CPA, past international president of ISACA and partner, Advisory Services, at Ernst & Young added that "As the number of geolocation users grows and the proliferation of mobile devices continues, the prospect of individual or enterprise information becoming available to hackers or other unauthorized users is a significant concern," said. "We need policies that will establish 'privacy by design' to instill trust across the enterprise and guard against malicious...