The California Attorney General's office today released its long awaited report Privacy on the Go (pdf) with recommendations for application developers, platforms, and ad-networks. It is a must read-- both for the easy to understand language and clear suggestions, and because it promotes implementations than generally are not considered "required by law." This is the future of privacy design. I urge you to take a look.
Limit collection: Avoid or minimize the collection of personally indentifiable data that you do not need to provide your service and limit the time you keep it. Or as I tell my clients, make a fair bargain with your users! Have policies that make sense and describe them in a way so the user thinks the exchange of their data for your service is reasonable.
Surprise Minimization: Don't collect data or use it in a way that will surprise your users. In other words-- notice early, contextually, and repeatedly!