From a banking perspective, an enterprise API's legal status and accounting procedure can be confusing. With so many people consuming raw publicly open data, sometimes through a 3rd party host, business executives don't know whether to consider an API as a liability or an asset to a company's interests. Potential risks may be mitigated by crafting in-depth customer agreement terms, and when applicable, respecting international data privacy laws.
In order to avoid the pitfalls of public data consumption, such as the recent SnapChat API security failure, Andy Thurai recommends to implement proper clearance controls, filing detailed records on the location of each user. In order to retain data ownership, the data lifecycle must be tracked, stored efficiently, and disposed of in a timely fashion when necessary.