Data Privacy Playbook For Wearables And IoT - InformationWeek
IoT
IoT
Mobile // Mobile Devices
Commentary
6/8/2015
11:06 AM
Scott Amyx
Scott Amyx
Commentary
100%
0%

Data Privacy Playbook For Wearables And IoT

Wearables and the Internet of Things raise significant consumer privacy issues that you need to prepare for now. We outline the key concerns with a primer on how to get your organization ready.

Apple CEO Tim Cook's recent defense of privacy and encryption highlights an issue of paramount important to today's IT leaders: Data privacy. IT leaders may debate the scope of their involvement with security and privacy issues, as they did at the recent MIT Sloan CIO Symposium. But data privacy, a perennial problem, has become critical for every organization as we fit every one of our things for network connectivity.

Though wearables and the Internet of Things (IoT) share similar privacy concerns to that of mobile devices, the nature of continuous, on-the-body, or ubiquitous environmental sensing amplifies the privacy issues. Ambient computing, or an ecosystem of wearables and IoT on or near a user, has the ability to acquire intelligence about a user and his or her surroundings by sensing, processing, and communicating data to infer the user's context, external stimuli, behavior, and intent.

This article highlights the specific privacy concerns related to wearables and IoT, and gives you best practices for consumer privacy protection.

[This is not a test. See IoT Market Will Grow 19 Percent in 2015, IDC Predicts.]

According to Motti and Caine's study, "Users' Privacy Concerns About Wearables: Impact of Form Factor, Sensors, and Type of Data Collected," the privacy concerns about wearables are similar, but in some cases more specific, than privacy concerns about mobile devices. It also shows that users are aware of the potential privacy implications, particularly during data collection and sharing. Users' privacy concerns are related to the ability of the wearable device to sense, collect, and store data that are often private, personal, or sensitive, and then share these data with unknown or unethical parties.

The study specifically highlights the following privacy concerns:

Social implications and the lack of awareness of the impact on the privacy of others: Devices may not only record a user's activity, but also record the activities of those around the user.

"Right to forget": Users fear that when certain data are combined, they could have serious personal implications; users therefore want the data collected -- with or without user consent or awareness -- to be deleted.

Implications of location disclosure: Users are concerned that their GPS location may be made available to malicious parties and criminals.

Discrete display of confidential information: Confidential information displayed on smart watches may be viewable to other parties nearby.

Lack of access control: Users fear that organizations and the government may use their personal data without their awareness or consent.

Surveillance and sousveillance: Users fear continuous surveillance and sousveillance, not only as a matter of personal privacy, but also in light of the potential for criminal abuse.

Privacy concerns for head-mounted devices: Users are concerned that head-mounted display (HMD) computers with cameras and microphones may impact their privacy and the privacy of others.

Speech disclosure: Users express concerns about their speech being overheard or recorded by others.

Surreptitious audio and video recording: Users are concerned that wearables with camera and audio input may record them discreetly without their knowledge.

Facial recognition: Users are concerned that systems may recognize and identify them individually.

Automatic synchronization with social media: Some users do not like the idea of their devices immediately synchronizing with social media applications and sharing their data without being able to control this sharing.

Visual occlusion: Head-mounted displays that cover the user's field of view disrupt the user's ability to interact privately because vision is blocked.

(Image: Mike via Flickr)

(Image: Mike via Flickr)

According to PwC's report "Consumer Intelligence Series: The Wearable Technology Future," 82% of respondents in the survey indicated that they are worried that wearable technology would invade their privacy. Eighty-six percent expressed concern that wearables would make them more prone to security breaches.

Pew Research Center study "Americans' Privacy Perceptions and Behaviors" found that consumers lack confidence in their control over their personal information. Moreover, they are concerned about surveillance by companies and the government. Nintey-one percent agree or strongly agree that consumers have lost control over how personal information is collected and used by companies. Eighty-eight percent believe that it would be difficult to remove inaccurate information about them online. Eighty percent of those who use social networking sites say they are concerned about third parties accessing their data.

Though consumers indicate that they are concerned with privacy, many do little about it. They are passive about proprietary service providers (such as Google) amassing personal data for advertising purposes. There are a number of underlying issues causing this disconnect. Often, the company's privacy policy is not well understood. There is also the misperception of risk: Users psychologically discount the potential dangers associated with the control of their data. Some consumers are willing to choose usability, ease of use, and cost (in many cases, free) over privacy and security. Companies need to help consumers make informed decisions that weigh the benefits against the potential risks.

On the legislative front, Congress and some federal agencies are investigating the practices of third-party consumer data collectors. The FTC has recommended that Congress pass a law giving consumers the right to have access to their personal data compiled by data brokers. Regulators may require data resellers to periodically provide consumers with free data reports.

The panel discussion Data Privacy Trends 2015, facilitated by the Churchill Club, takes a serious look at user concerns about privacy.

Scott Amyx is the founder and CEO of Amyx+McKinsey, a wearables strategy agency specializing in smart wearables strategy and development. He writes for InformationWeek, Wired.com, IEEE Consumer Electronics Magazine, andIEEE Technology and Society Magazine, and he ... View Full Bio
Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
6/10/2015 | 1:51:43 PM
Re: Decisions
At the end of the day, all of this depends on a manufacturer actually doing what they say they'll do in regards to the data that's available. Like it or not, the data is available from these devices. There is nothing technical available to stop data from being used. We have to put some level of trust in the manufacturers, vendors, and whoever else has access to the data. There are legal recourse options, but that takes time to work through the courts and with regulatory agencies.

As always, privacy is a "buyer beware" proposition. Consumers have to know what is being shared so they can make an informed decision about whether to participate and about whether the vendor can be trusted.
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
6/8/2015 | 3:20:45 PM
Re: Decisions
I think it is also is because a lot of users inherently trust the manufacturers, and assume that the only data being collected will be used for specific app-related tasks.  When it comes to privacy, many users are simply overwhelmed trying to understand all the implications, so often it's just easier to click "accept" than to really question the implications or try to understand if there are any opt-out opportunities for certain data types. 

It's only going to get worse, and sadly I don't think education is really going to help since many folks simply don't want to know, or don't care enough until there is a breach that affects them directly or unless told by a friend/trusted advisor that "yeah, you should really reconsider using this because of the privacy implications".
danielcawrey
100%
0%
danielcawrey,
User Rank: Ninja
6/8/2015 | 1:44:18 PM
Decisions
I'm not even sure informed decisions are enough to help consumers protect their privacy. Most people don't have the element of control to be able to make those decisions. That's because many privacy options are not easy for people to configure. I think if they were, there would be a good number of the privacy-concerned making those settings changes. 
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll