Wearables and the Internet of Things raise significant consumer privacy issues that you need to prepare for now. We outline the key concerns with a primer on how to get your organization ready.
Apple CEO Tim Cook's recent defense of privacy and encryption highlights an issue of paramount important to today's IT leaders: Data privacy. IT leaders may debate the scope of their involvement with security and privacy issues, as they did at the recent MIT Sloan CIO Symposium. But data privacy, a perennial problem, has become critical for every organization as we fit every one of our things for network connectivity.
Though wearables and the Internet of Things (IoT) share similar privacy concerns to that of mobile devices, the nature of continuous, on-the-body, or ubiquitous environmental sensing amplifies the privacy issues. Ambient computing, or an ecosystem of wearables and IoT on or near a user, has the ability to acquire intelligence about a user and his or her surroundings by sensing, processing, and communicating data to infer the user's context, external stimuli, behavior, and intent.
This article highlights the specific privacy concerns related to wearables and IoT, and gives you best practices for consumer privacy protection.
According to Motti and Caine's study, "Users' Privacy Concerns About Wearables: Impact of Form Factor, Sensors, and Type of Data Collected," the privacy concerns about wearables are similar, but in some cases more specific, than privacy concerns about mobile devices. It also shows that users are aware of the potential privacy implications, particularly during data collection and sharing. Users' privacy concerns are related to the ability of the wearable device to sense, collect, and store data that are often private, personal, or sensitive, and then share these data with unknown or unethical parties.
The study specifically highlights the following privacy concerns:
Social implications and the lack of awareness of the impact on the privacy of others: Devices may not only record a user's activity, but also record the activities of those around the user.
"Right to forget": Users fear that when certain data are combined, they could have serious personal implications; users therefore want the data collected -- with or without user consent or awareness -- to be deleted.
Implications of location disclosure: Users are concerned that their GPS location may be made available to malicious parties and criminals.
Discrete display of confidential information: Confidential information displayed on smart watches may be viewable to other parties nearby.
Lack of access control: Users fear that organizations and the government may use their personal data without their awareness or consent.
Surveillance and sousveillance: Users fear continuous surveillance and sousveillance, not only as a matter of personal privacy, but also in light of the potential for criminal abuse.
Privacy concerns for head-mounted devices: Users are concerned that head-mounted display (HMD) computers with cameras and microphones may impact their privacy and the privacy of others.
Speech disclosure: Users express concerns about their speech being overheard or recorded by others.
Surreptitious audio and video recording: Users are concerned that wearables with camera and audio input may record them discreetly without their knowledge.
Facial recognition: Users are concerned that systems may recognize and identify them individually.
Automatic synchronization with social media: Some users do not like the idea of their devices immediately synchronizing with social media applications and sharing their data without being able to control this sharing.
Visual occlusion: Head-mounted displays that cover the user's field of view disrupt the user's ability to interact privately because vision is blocked.
According to PwC's report "Consumer Intelligence Series: The Wearable Technology Future," 82% of respondents in the survey indicated that they are worried that wearable technology would invade their privacy. Eighty-six percent expressed concern that wearables would make them more prone to security breaches.
Pew Research Center study "Americans' Privacy Perceptions and Behaviors" found that consumers lack confidence in their control over their personal information. Moreover, they are concerned about surveillance by companies and the government. Nintey-one percent agree or strongly agree that consumers have lost control over how personal information is collected and used by companies. Eighty-eight percent believe that it would be difficult to remove inaccurate information about them online. Eighty percent of those who use social networking sites say they are concerned about third parties accessing their data.
On the legislative front, Congress and some federal agencies are investigating the practices of third-party consumer data collectors. The FTC has recommended that Congress pass a law giving consumers the right to have access to their personal data compiled by data brokers. Regulators may require data resellers to periodically provide consumers with free data reports.
The panel discussion Data Privacy Trends 2015, facilitated by the Churchill Club, takes a serious look at user concerns about privacy.
Scott Amyx is the founder and CEO of Amyx+McKinsey, a wearables strategy agency specializing in smart wearables strategy and development. He writes for InformationWeek, Wired.com, IEEE Consumer Electronics Magazine, andIEEE Technology and Society Magazine, and he ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.