Wearable Devices: Keep Data Privacy In Check - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices
Commentary
8/18/2014
12:06 PM
Ruby A. Zefo
Ruby A. Zefo
Commentary
100%
0%

Wearable Devices: Keep Data Privacy In Check

Consumers, businesses, and manufacturers can all help ensure that the privacy rights of those using wearables are respected and enforced.

Wearable devices are here: in bed, at home, on the street, and in the office. We often think of fitness bands and smartglasses, but wearables are proliferating in weird and wonderful ways via clothing, jewelry, ear buds, and tattoos.

This variety alone makes it difficult to define wearables. But one thing's for sure: Wearables carry with them enormous potential for individual and public good. They can help us track information like diet, exercise, and blood glucose levels that make us healthier. 

[The healthcare industry must head off trouble with wearables in clinical settings. Read Wearables In Healthcare: Privacy Rules Needed.]

Wearables often collect data that's then transferred to a smartphone app through a wireless connection. That data may also be transferred to the cloud to be stored or analyzed. The Basis band I'm testing collects my sleep habits and reports a sleep score, various depths of sleep, temperature, and toss-and-turn rate. I transfer that data to an app on my smartphone or computer, which creates reports that help me gain insight into my sleep habits. 

Aggregated in a way that respects privacy rights, data from wearable devices can be used for the common good, such as disease prevention. With their connection to the Internet, wearables can make mobile payments, send texts and emails, and create videos of our daily lives.  

However, each of these benefits carries risk. Personal health data in the wrong hands could lead to profiling or discrimination. You wouldn't want your daily ice cream and Breaking Bad binge-watching habits to wind up increasing your health insurance rates. Mapped to location data, wearables data can lead to safety issues. Add in payment information, and you could be the victim of identity theft.

Data privacy best practices
Given the personal nature of this collected data, our acceptance of wearables depends on feeling that we have privacy and security rights and trust in both the device and its ecosystem. Consumers, businesses, and manufacturers all face challenges but can use best practices to overcome them.

Consumers should investigate the data being collected, how it is being collected, where the data is going, who's using it and for what purpose, and whether the data is secure through its lifecycle. They can start by reviewing the provider's website and privacy policy. If the company does not provide enough information, they can contact customer service. If the consumer isn't satisfied with the answers, perhaps it's time to pick a different device.   

Businesses should start by adopting device-neutral policies because policies cannot keep up with technology. When someone asks me what to do about Google Glass wearers, I ask them, "What did we do about cell phones?" We do not have a specific "cell phone recording policy"; we have an audio/visual recording policy that applies to any kind of recording device. Businesses should also be transparent with employees about expectations of wearables in the enterprise and how the data will be used or monitored. Also, focus on security. For instance, piping company email from a corporate network to an unregistered device without appropriate security controls risks loss of personal information and intellectual property. Don't ignore wearables here -- they're another form of BYOD. When I ask security experts if they have a BYOD program at work and they say "No," I say, "Yes you do. It's just not authorized."

For manufacturers, good user experiences are derived by elegantly integrating privacy into product and service designs, not bolting it on later (or never). Be transparent about data collection and use. Notice and consent for device users is often essential, but infusing other privacy principles with more verve can help, such as data minimization, legitimate business purpose, transparency, and accountability. 

To that end, wearables providers -- in fact, all companies -- should take advantage of programs that educate their employees on privacy and data security, such as certification programs offered through the International Association of Privacy Professionals (IAPP).

In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.

Ruby A. Zefo serves as Chief Privacy & Security Counsel for Intel. In that role, she manages Intel's global privacy and security legal group to enhance shareholder value through legal counseling on all privacy and security issues. She is also a member of the International ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Author
8/20/2014 | 4:18:48 PM
Re: Voluntary slippery slope
Another reason to move wearable data to the cloud, beyond file size, is to share it, Tom. You want to share with your biking group how much you're riding, or with your doctor how much you've been sleeping. But your point is a really good one -- people might start getting more mindful about whether data is cloud or on-device, and not just  default to cloud.   
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
8/18/2014 | 7:28:16 PM
Re: Voluntary slippery slope
I question whether personal data of this sort really needs to be stored in the cloud. You can store quite a bit on a tiny SD card these days. Moving data to the cloud shouldn't be necessary unless you're talking about pictures or videos, which take up lots of space.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
8/18/2014 | 5:02:33 PM
Re: Voluntary slippery slope
Right -- it used to be the norm to have a full-service gas station. Then, someone figured out they could do self-serve, shave a nickel off a gallon of gas, people would come for the savings. Well, now, self-serve is the norm and you have to pay to get the service that once was included.

For customers to flock en masse to a "discount" that actually costs them something (either labor or, in this case, privacy) may be a win in the short term. But eventually, it comes back to bite us.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
8/18/2014 | 2:24:06 PM
Voluntary slippery slope
One smart device that interests me is the tracker that insurance companies would like us to install in our cars. Currently, these are optional, with the "carrot" being a break on your rates if you're a safe driver as revealed by the device. However, logic dictates that as more drivers accept these devices, insurers will start considering that the norm, cut back on incentives, and penalize those who decline.

One could see the same path being taken by other insurers -- health and homeowners. 
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll