Mobile // Mobile Devices
Commentary
8/18/2014
12:06 PM
Ruby A. Zefo
Ruby A. Zefo
Commentary
Connect Directly
RSS
E-Mail
100%
0%

Wearable Devices: Keep Data Privacy In Check

Consumers, businesses, and manufacturers can all help ensure that the privacy rights of those using wearables are respected and enforced.

Wearable devices are here: in bed, at home, on the street, and in the office. We often think of fitness bands and smartglasses, but wearables are proliferating in weird and wonderful ways via clothing, jewelry, ear buds, and tattoos.

This variety alone makes it difficult to define wearables. But one thing's for sure: Wearables carry with them enormous potential for individual and public good. They can help us track information like diet, exercise, and blood glucose levels that make us healthier. 

[The healthcare industry must head off trouble with wearables in clinical settings. Read Wearables In Healthcare: Privacy Rules Needed.]

Wearables often collect data that's then transferred to a smartphone app through a wireless connection. That data may also be transferred to the cloud to be stored or analyzed. The Basis band I'm testing collects my sleep habits and reports a sleep score, various depths of sleep, temperature, and toss-and-turn rate. I transfer that data to an app on my smartphone or computer, which creates reports that help me gain insight into my sleep habits. 

Aggregated in a way that respects privacy rights, data from wearable devices can be used for the common good, such as disease prevention. With their connection to the Internet, wearables can make mobile payments, send texts and emails, and create videos of our daily lives.  

However, each of these benefits carries risk. Personal health data in the wrong hands could lead to profiling or discrimination. You wouldn't want your daily ice cream and Breaking Bad binge-watching habits to wind up increasing your health insurance rates. Mapped to location data, wearables data can lead to safety issues. Add in payment information, and you could be the victim of identity theft.

Data privacy best practices
Given the personal nature of this collected data, our acceptance of wearables depends on feeling that we have privacy and security rights and trust in both the device and its ecosystem. Consumers, businesses, and manufacturers all face challenges but can use best practices to overcome them.

Consumers should investigate the data being collected, how it is being collected, where the data is going, who's using it and for what purpose, and whether the data is secure through its lifecycle. They can start by reviewing the provider's website and privacy policy. If the company does not provide enough information, they can contact customer service. If the consumer isn't satisfied with the answers, perhaps it's time to pick a different device.   

Businesses should start by adopting device-neutral policies because policies cannot keep up with technology. When someone asks me what to do about Google Glass wearers, I ask them, "What did we do about cell phones?" We do not have a specific "cell phone recording policy"; we have an audio/visual recording policy that applies to any kind of recording device. Businesses should also be transparent with employees about expectations of wearables in the enterprise and how the data will be used or monitored. Also, focus on security. For instance, piping company email from a corporate network to an unregistered device without appropriate security controls risks loss of personal information and intellectual property. Don't ignore wearables here -- they're another form of BYOD. When I ask security experts if they have a BYOD program at work and they say "No," I say, "Yes you do. It's just not authorized."

For manufacturers, good user experiences are derived by elegantly integrating privacy into product and service designs, not bolting it on later (or never). Be transparent about data collection and use. Notice and consent for device users is often essential, but infusing other privacy principles with more verve can help, such as data minimization, legitimate business purpose, transparency, and accountability. 

To that end, wearables providers -- in fact, all companies -- should take advantage of programs that educate their employees on privacy and data security, such as certification programs offered through the International Association of Privacy Professionals (IAPP).

In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.

Ruby A. Zefo serves as Chief Privacy & Security Counsel for Intel. In that role, she manages Intel's global privacy and security legal group to enhance shareholder value through legal counseling on all privacy and security issues. She is also a member of the International ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
8/19/2014 | 12:57:37 PM
Law
I'd quite like to see some pre-emptive legislation be put in place to govern wearable data. Some of it is just far too sensitive for the whims of new startups with little security experience, or lackadaisical developers to handle it.

I'm usually one for free market principles to dominate and for end user common sense to prevail, but things like health, heart rate signatures, potentially glucose blood levels, this is all information that feels far too personal for a wearable company to have access to and potentially sell on unless I comb through its entire privacy policy before hand. 

I will do of course, but I'd like a solid alternative. 
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/18/2014 | 7:48:38 PM
Re: Voluntary slippery slope
For me, the reason to utilize the cloud is for easy retrieval of my data across multiple devices. This may not apply well to wearables, though. If the device can communicate with my phone and store data there, maybe I don't need it to access the cloud.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/18/2014 | 7:47:37 PM
Re: Voluntary slippery slope
I think the day of the wearable replacing the cell phone is quite a ways off. The overwhelming trend in cell phones is larger screens, at least for now. Even Apple has caved into the consumer pressure. Wearables, with few exception, don't fit that description. The majority, again with a few exceptions, of wearables still require another device to do most of the real processing. They are evolving, and there are some great use cases out there, but it is still a technology in its infancy.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
8/18/2014 | 7:28:16 PM
Re: Voluntary slippery slope
I question whether personal data of this sort really needs to be stored in the cloud. You can store quite a bit on a tiny SD card these days. Moving data to the cloud shouldn't be necessary unless you're talking about pictures or videos, which take up lots of space.
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
8/18/2014 | 6:06:29 PM
Re: Voluntary slippery slope
I like the comparison with cell phones here.

I think that even with the progression in mobile devices to smartphones and tablets we're still evolving the privacy debate.

Wearables will be another precedent, and I have to wonder if wearables will do to mobile devices what the latter did to PCs – it changed the whole game when you really think about it. Interestig stuff if you ask me..
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
8/18/2014 | 5:02:33 PM
Re: Voluntary slippery slope
Right -- it used to be the norm to have a full-service gas station. Then, someone figured out they could do self-serve, shave a nickel off a gallon of gas, people would come for the savings. Well, now, self-serve is the norm and you have to pay to get the service that once was included.

For customers to flock en masse to a "discount" that actually costs them something (either labor or, in this case, privacy) may be a win in the short term. But eventually, it comes back to bite us.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/18/2014 | 4:02:16 PM
Re: Voluntary slippery slope
That is a very real risk, Lorna. The insurance company can say that they don't penalize anyone, but all too often rates go down for the "good participants." That means the non-participants pay higher fees. Not higher than they had before, but higher than they should have. This is a very slippery slope with health insurance too, even as employers are now commonly penalizing poor habits like smoking.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
8/18/2014 | 2:24:06 PM
Voluntary slippery slope
One smart device that interests me is the tracker that insurance companies would like us to install in our cars. Currently, these are optional, with the "carrot" being a break on your rates if you're a safe driver as revealed by the device. However, logic dictates that as more drivers accept these devices, insurers will start considering that the norm, cut back on incentives, and penalize those who decline.

One could see the same path being taken by other insurers -- health and homeowners. 
<<   <   Page 2 / 2
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.