Mobile // Mobile Devices
Commentary
8/18/2014
12:06 PM
Ruby A. Zefo
Ruby A. Zefo
Commentary
100%
0%

Wearable Devices: Keep Data Privacy In Check

Consumers, businesses, and manufacturers can all help ensure that the privacy rights of those using wearables are respected and enforced.

Wearable devices are here: in bed, at home, on the street, and in the office. We often think of fitness bands and smartglasses, but wearables are proliferating in weird and wonderful ways via clothing, jewelry, ear buds, and tattoos.

This variety alone makes it difficult to define wearables. But one thing's for sure: Wearables carry with them enormous potential for individual and public good. They can help us track information like diet, exercise, and blood glucose levels that make us healthier. 

[The healthcare industry must head off trouble with wearables in clinical settings. Read Wearables In Healthcare: Privacy Rules Needed.]

Wearables often collect data that's then transferred to a smartphone app through a wireless connection. That data may also be transferred to the cloud to be stored or analyzed. The Basis band I'm testing collects my sleep habits and reports a sleep score, various depths of sleep, temperature, and toss-and-turn rate. I transfer that data to an app on my smartphone or computer, which creates reports that help me gain insight into my sleep habits. 

Aggregated in a way that respects privacy rights, data from wearable devices can be used for the common good, such as disease prevention. With their connection to the Internet, wearables can make mobile payments, send texts and emails, and create videos of our daily lives.  

However, each of these benefits carries risk. Personal health data in the wrong hands could lead to profiling or discrimination. You wouldn't want your daily ice cream and Breaking Bad binge-watching habits to wind up increasing your health insurance rates. Mapped to location data, wearables data can lead to safety issues. Add in payment information, and you could be the victim of identity theft.

Data privacy best practices
Given the personal nature of this collected data, our acceptance of wearables depends on feeling that we have privacy and security rights and trust in both the device and its ecosystem. Consumers, businesses, and manufacturers all face challenges but can use best practices to overcome them.

Consumers should investigate the data being collected, how it is being collected, where the data is going, who's using it and for what purpose, and whether the data is secure through its lifecycle. They can start by reviewing the provider's website and privacy policy. If the company does not provide enough information, they can contact customer service. If the consumer isn't satisfied with the answers, perhaps it's time to pick a different device.   

Businesses should start by adopting device-neutral policies because policies cannot keep up with technology. When someone asks me what to do about Google Glass wearers, I ask them, "What did we do about cell phones?" We do not have a specific "cell phone recording policy"; we have an audio/visual recording policy that applies to any kind of recording device. Businesses should also be transparent with employees about expectations of wearables in the enterprise and how the data will be used or monitored. Also, focus on security. For instance, piping company email from a corporate network to an unregistered device without appropriate security controls risks loss of personal information and intellectual property. Don't ignore wearables here -- they're another form of BYOD. When I ask security experts if they have a BYOD program at work and they say "No," I say, "Yes you do. It's just not authorized."

For manufacturers, good user experiences are derived by elegantly integrating privacy into product and service designs, not bolting it on later (or never). Be transparent about data collection and use. Notice and consent for device users is often essential, but infusing other privacy principles with more verve can help, such as data minimization, legitimate business purpose, transparency, and accountability. 

To that end, wearables providers -- in fact, all companies -- should take advantage of programs that educate their employees on privacy and data security, such as certification programs offered through the International Association of Privacy Professionals (IAPP).

In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.

Ruby A. Zefo serves as Chief Privacy & Security Counsel for Intel. In that role, she manages Intel's global privacy and security legal group to enhance shareholder value through legal counseling on all privacy and security issues. She is also a member of the International ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
shamika
50%
50%
shamika,
User Rank: Ninja
8/31/2014 | 6:04:06 AM
Re: Mobile
A recent article explains, free Mobile Security gives you mobile antivirus protection and mobile tracking while concealing itself from would-be thieves.
shamika
50%
50%
shamika,
User Rank: Ninja
8/31/2014 | 6:02:40 AM
Mobile
This is an interesting article. Protecting customer data is an important aspect. With the increasing development of mobile technology, there are many apps which are used for easy access and references. Ex: Mobile Banking apps.

 
nomii
50%
50%
nomii,
User Rank: Ninja
8/27/2014 | 11:42:12 AM
Re: Tokenization can be done
@SachinEE I fail to get the tokenization concept usefulness in the encryption process. Can you explain a bit further. It seems a good way
nomii
50%
50%
nomii,
User Rank: Ninja
8/27/2014 | 11:39:05 AM
Re: Voluntary slippery slope
@SachinEE i agee with your observation and feels the same way the stand alone is the best remedy. I feel that any thing on substantial importance are not to be kept on anything shared with internet. BYOD is the best remedy to carry important documents along. Otherwise the way hacking is progressing, I believe we may have to even prove our identity  :)
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/25/2014 | 3:33:58 PM
Re: Voluntary slippery slope
Cloud services need to be checked. They can be hacked too. It seems like anywhere we go we cannot find security from hackers unless we cut all digital links around us, which we cannot, so we need better security measures everywhere.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/25/2014 | 3:30:37 PM
Tokenization can be done
Tokenization from peer to peer i.e. from wearable tech to smartphone to cloud can undergo a quick tokenization procedure that encrypts its data. Maybe not a tough encryption, but enough for the data to travel safely to the cloud. This will ensure safe data delivery.
nomii
50%
50%
nomii,
User Rank: Ninja
8/25/2014 | 1:43:02 PM
Re: Voluntary slippery slope
@Thomas I agree with your point. I believe that most of us has taken wrong notion of cloud services. We are trying to save every little thing on cloud to let go its burden. I believe that few things are quite sensitive to be kept there like health records or your personal information. We need to learn and try to find the best way the tech can benifit us.
nomii
50%
50%
nomii,
User Rank: Ninja
8/25/2014 | 1:36:55 PM
Re: Voluntary slippery slope
@Daniel crawry very true. Its about time that few things need to be changed. We do not want to keep our selves possessed with all kind of gadgetry. It creates great difficulty in keeping and handling. I am a great supporter of wearable but we need to find one great all rounder with customized services at the descrition of the user.
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Author
8/20/2014 | 4:18:48 PM
Re: Voluntary slippery slope
Another reason to move wearable data to the cloud, beyond file size, is to share it, Tom. You want to share with your biking group how much you're riding, or with your doctor how much you've been sleeping. But your point is a really good one -- people might start getting more mindful about whether data is cloud or on-device, and not just  default to cloud.   
GAProgrammer
50%
50%
GAProgrammer,
User Rank: Ninja
8/20/2014 | 9:44:38 AM
BYOD quote
"When I ask security experts if they have a BYOD program at work and they say "No," I say, "Yes you do. It's just not authorized."

Actually, we don't. We do not allow any personal devices on our corporate network. Sure, they can access some information from the web that can be accessed on a computer with a browser, but I wouldn't consider that BYOD. Even those cases are very rare, as we have computers everywhere. There is NO BYOD at our company - it's not being naive, it's called network security. No personal device is allowed on the corporate wireless intranet and the guest wireless is on a whole diff Last time I checked, no mobile devices can plug into the physical network. Am I missing something here? Maybe our definitions of BYOD are different?

To the article's point, there was a quote about wearables connecting directly to the internet - I don't know of any. Sure, there are medical sensors that do that, but I don't know if they would be considered a "wearable". It's a good point though - the definition of wearable might not be limited to form.
Page 1 / 2   >   >>
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.