Data Privacy Playbook For Wearables And IoT - InformationWeek


11:06 AM
Scott Amyx

Data Privacy Playbook For Wearables And IoT

Wearables and the Internet of Things raise significant consumer privacy issues that you need to prepare for now. We outline the key concerns with a primer on how to get your organization ready.

Wearables And IoT Privacy Playbook

Wearables are becoming more intimate than ever before. Medical wearables startup Quanttus claims that its wristband collects 50 million unique data points and more than 400,000 vital sign measurements per person per day.

Obviously, this much data in the hands of a private company raises eyebrows -- and concerns. The patent damages, litigation risks of wearable and IoT data, and legal issues related to privacy and data ownership are yet unknown.

As we shift from opt-outs and unilateral privacy policies to consumer empowerment and data rights, what privacy framework should businesses and governments use? Amyx McKinsey's "Wearables and IoT Privacy Playbook" provides the necessary framework that not only helps consumers, but also keeps companies and governments one step ahead of the game.

Lead With Privacy

Privacy should not be a stop-gap measure to fend off bad press after a data breach. Rather, privacy itself is the market differentiation and product benefit. Exceptional leaders in wearables and IoT will choose to lead with privacy. Why? It's not simply because they don't want to be perceived as a ticking bomb, but rather because a great leader truly has customers' best interests at heart. Established visionaries voluntarily comply with -- and in some cases, exceed -- industry standards to demonstrate their understanding of their customers' needs. When consumers feel that you have their best interests in mind, they will seek out your company's products or services repeatedly.

Besides the obvious bonus of protecting your customers in the digital realm, not leading with privacy can be costly. The list of Top 20 Government-imposed Data Privacy Fines Worldwide from 1999-2014 is a harsh reminder that failing to take consumer interests to heart can be damaging to your bottom line.

Hire a Chief Privacy Officer

Nothing communicates to the market and your customers that you are serious about privacy more clearly than establishing a Chief Privacy Officer (CPO) at the senior executive level of your organization. The CPO is responsible for managing the risks and business impacts of privacy laws and policies, including personal data, quantified self data, medical data, financial information, and laws and regulations such as HIPAA, the Fair Credit Reporting Act, and the Gramm-Leach-Bliley Act.

Start With Privacy by Design

The best way to approach privacy is to attack it from design. Patchwork after a system is already implemented is difficult and costly. Privacy by Design (PbD) is a framework that takes privacy into account throughout the entire product development and management process. The 7 Foundational Principles of PbD are:

  1. proactive not reactive
  2. privacy as the default setting
  3. privacy embedded into design
  4. full functionality -- positive-sum, not zero-sum
  5. end-to-end security
  6. visibility and transparency
  7. respect for user privacy


Advertising Consortiums

Industry consortiums provide best practices on privacy policy, data governance, and consumer data protection. These self-regulatory bodies help promote consumer privacy and trust by creating and enforcing high standards for responsible data collection and use practices among their members, including third-party advertising companies.

The Digital Advertising Alliance (DAA), a self-regulatory group comprised of advertising and media companies, publishes a number of privacy guidelines on topics such as Self-Regulatory Principles for the Mobile Environment, Online Behavioral Advertising, and Multi-Site Data. The guidelines for the Self-Regulatory Principles for the Mobile Environment establish notice and consent requirements and options for cross-app data, precise location data, and personal directory data. Personal data includes calendar, address book, phone and text log, or photo and video data created by a consumer that is stored on or accessed through a particular device.

The Network Advertising Initiative (NAI), a leading self-regulatory association dedicated to responsible data collection and its use for digital advertising, coordinates with the DAA on best practices and guidelines for online and mobile environments.

Scott Amyx is the founder and CEO of Amyx+McKinsey, a wearables strategy agency specializing in smart wearables strategy and development. He writes for InformationWeek, IEEE Consumer Electronics Magazine, and IEEE Technology and Society Magazine, and he ...
User Rank: Ninja
6/10/2015 | 1:51:43 PM
Re: Decisions
At the end of the day, all of this depends on a manufacturer actually doing what they say they'll do in regards to the data that's available. Like it or not, the data is available from these devices. There is nothing technical available to stop data from being used. We have to put some level of trust in the manufacturers, vendors, and whoever else has access to the data. There are legal recourse options, but that takes time to work through the courts and with regulatory agencies.

As always, privacy is a "buyer beware" proposition. Consumers have to know what is being shared so they can make an informed decision about whether to participate and about whether the vendor can be trusted.
User Rank: Ninja
6/8/2015 | 3:20:45 PM
Re: Decisions
I think it is also because a lot of users inherently trust the manufacturers, and assume that the only data being collected will be used for specific app-related tasks. When it comes to privacy, many users are simply overwhelmed trying to understand all the implications, so often it's just easier to click "accept" than to really question the implications or try to understand if there are any opt-out opportunities for certain data types.

It's only going to get worse, and sadly I don't think education is really going to help since many folks simply don't want to know, or don't care enough until there is a breach that affects them directly or unless told by a friend/trusted advisor that "yeah, you should really reconsider using this because of the privacy implications".
User Rank: Ninja
6/8/2015 | 1:44:18 PM
I'm not even sure informed decisions are enough to help consumers protect their privacy. Most people don't have the element of control to be able to make those decisions. That's because many privacy options are not easy for people to configure. I think if they were, there would be a good number of the privacy-concerned making those settings changes. 