When All You Want for the Holiday's is the Latest IoT Device
Does your holiday wish list have a Google home, Nest thermostat, Smarter iKettle, Fitbit Versa smartwatch (guilty), or another internet-connected device on it? Before making your wish list be sure to consider the potential privacy and security concerns that can accompany these so-called Internet of Things (IoT) devices.
While IoT devices are convenient and offer users a lot of useful information and services, they can also collect an enormous amount of data about you and your personal habits. In some cases, you may choose to share such information. But in other cases, the device may collect it automatically. For example, by analyzing when you interact with an IoT device, the maker may be able to infer when you come and go from your home or even your sleeping habits. For wearable IoT devices such as smartwatches, an IoT maker may know your location and be able to figure out when you are on vacation, your exercise habits, and other health-related information. This is a lot of data to entrust to an IoT device maker without knowing how this data will be used, shared or sold. Therefore, consumers should be concerned with the device maker’s privacy and security practices.
Privacy concerns not only include what information the device maker collects about you but how the device maker uses that data. Does the device maker use it only for the purpose for which the consumer provided the data? Or, does it use that data to market to you? Does it share or sell that data and, if so, for what purposes? What confidentiality obligations are these third-parties bound by? As far as security goes, what assurances has the maker given that it has put adequate safeguards in place to protect the data from being hacked?
Before putting your wish list together for an IoT device, you should carefully weigh the benefits of owning the device against the data privacy and security risks. If the benefits outweigh the risks, consider keeping it on your list. The Fitbit Versa smartwatch is still on mine.
Ask the Blogger
Do you have a topic that you would like discussed in a future blog article? Please let us know. If you have a confidential question regarding a blog article, please feel free to contact the article's author directly, or let us know if you would like for someone to contact you directly.
Jane Hils Shea has lead FBT’s Privacy and Information Security Practice Area since its creation in 2001 and is a Certified Information Privacy Professional (CIPP-US).