Smart thermostats, household security systems, baby monitors, and AI assistants, such as Alexa, have infiltrated consumer lives and homes, bringing new conveniences as well as a host of questions. If you are a consumer, maybe you wonder how much information about you is being collected and stored. Are they monitoring or collecting your data at all times? But if you are a company that offers these devices to consumers, your responsibilities may be more complex.
We are all familiar with the privacy disclosures we see when we download a new app to our mobile phones, and that's probably the most well-recognized example of what corporations need to do to ensure they comply with regulations and also be up front with their customers about what to expect in terms of privacy and protections.
But privacy in an age of the Internet of Things (IoT) goes well beyond these disclosures on mobile phone apps, according to attorney Alysa Hutnik, a partner in the advertising and marketing, and privacy and information security practices at Kelley Drye & Warren LLP in Washington DC. Hutnik is also a speaker at Interop ITX on May 17 when she will address the topic IoT is Coming: Beware the Privacy & Legal Gotchas.
Hutnik told InformationWeek in an interview that beyond those "gotchas" there are plenty of benefits to doing things the right way. For instance, it is better to set privacy expectations with customers up front and tell them exactly what to expect. When you do that, you create an environment of trust between the customer and the company.
"It affects consumer choices," she told InformationWeek. "That will only continue as consumers continue to be more sophisticated."
For instance, if you market to a customer in a way that shows you know a lot of personal information about that customer, it could be perceived as creepy, according to Hutnik. But if you tell the customer that you are collecting information about them in order to personalize the offers you provide to them, the customer is more likely to appreciate the benefit of that. You mitigate the "creepy" factor in that way.
There are risks as well as benefits, and many companies are determining the best approach to take now for their organization. Some companies look at a boilerplate privacy disclosure and policy to tack onto their offering at the end. That's a mistake, Hutnik said.
"It's difficult to copy and paste a privacy statement and have it be totally right," she said. "When you do post a privacy notice, it must be accurate."
The Federal Trade Commission is overseeing problems with such policies, and they are taking it seriously in terms of consumer protection. Hutnik said that the FTC has taken over 100 enforcement cases, and those are just the ones that are publicly known.
Companies can find themselves at risk if they haven't taken the appropriate steps to protect consumer interests, especially if they end up having a data breach where consumer information is exposed or stolen. Litigation can be costly and result in settlements that require micromanagement of the business, and no one wants that.
"Then you are under the spotlight," she said.
Concerns are growing as more high-profile startup companies offer devices and then stop supporting them due to an acquisition or the business closing down.
To get you started in the right direction with your privacy, security, and IoT policies, Hutnik promises she will offer a very focused session that helps people identify "key low hanging fruit that they should know but don't know. These are common sense, but really important considerations when designing and marketing your IoT product," Hutnik said.