Demands for a user privacy debate has been launched by Finnish “Angry Birds” maker Rovio, after the release of documents by whistleblower Edward Snowden revealed that the NSA is targeting analytics data from mobile apps. US and UK spy agencies were shown to have targeted advertising networks, to enable access to Rovio’s private user data. Internet-enabled devices visiting ad-enabled websites or ad-enabled applications, are vulnerable to surveillance and “leaky” smartphone apps can release anything from basic technical information to personal information like gender, location etc. The EU justice commissioner Viviane Reding is equally concerned about mass surveillance. In a speech for this year’s Data Protection Day summit she advocates reform is needed to restore trust in the digital economy and a rethink of the European Data Retention law. “National security’ (is not) a trump card (that) disregards citizens’ rights”. “These issues are connected, not separate (and) encryption has been weakened”. The NSA and GCHQ have defended their actions saying that their use of data is targeted and adheres to a strict legal and policy framework – but the encroachment is insidious and the concern from business is that commercial as well as private data is being swept up. Incoming international president of IT at professional association ISACA, Rob Stroud, echoes the seriousness of cyber security threats in the UK. “Information security professionals need to engage with their organisation about the implication of data leaks and how to do proper risk assessments”. It also raises the question about the role of the Chief Information Security Officer (CISO), where they sit in an organisation and their seniority, as digital security requires proactive not reactive thinking”. With technology changing, the use of consumer apps increasing and businesses seeking ever more automation, device management, risk assessment and security must go hand in hand for MSPs and company IT security advisors.