If everything is connected how will anyone have any privacy?
Currently, more than 4 billion users, about 54% of the world’s population, are digitally connected. At the same time, Gartner estimates that there are more than 8.4 billion devices currently connected and predicts this number will reach more than 20 billion by 2020. Before long, almost everyone and everything will be connected.
Today, we speak of the “internet” when we are talking about the devices and services that help people communicate. We make a distinction when we talk about the system of interrelated devices, machines, objects, animals or people that have the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. We call that the internet of things.
The potential benefits from this increasing connection are incredible. But as we move towards this era of everything becoming connected, there will be more and more concern about the security and usage of the personal data that gets collected, used and disseminated. Data breaches highlight the vulnerability of our personal information and underscore the importance.
We must take into account the aspects of IoT and information technology that determine what data in an organization’s computer system can be shared with third parties, what is generally called data or information privacy. Just as the value of IoT depends so much on your industry, when we talk about privacy, it is useful to divide the market into three basic segments: consumer, services/public sector, and industrial/enterprise. Let’s look at a representative use case for each segment and potential privacy concerns.
Consumer IoT
The potential safety, mobility and efficiency benefits of automated vehicles are many. These vehicles are also expected to generate an enormous amount of data, some of which will be personal and sensitive, such as real-time precise geolocation data and the contents of driver communications that result when they connect their mobile phones to a vehicle’s computer system. Connected devices often ask users to input personal information, such as their name, age, gender, email address, home address, phone number and social media accounts.
Other consumer IoT use cases, such as virtual assistants, connected health monitoring, consumer marketing, tracking product usage and performance, and so forth, often ask users to input personal information, such as their name, age, gender, email address, home address, phone number and social media accounts, creating further privacy concerns.
Public sector and ‘smart’ city use cases
So-called “smart” cities have the potential to provide higher quality services at lower costs by eliminating redundancies and streamlining city workers’ responsibilities. Cities are installing boxes on municipal light poles with sensors and cameras that can capture air quality, sound levels, temperature, water levels on streets and gutters, and traffic, identifying ways to save energy, to address urban flooding and improve living conditions.
Public sector IoT data also includes the data present in city registers, the data from government or corporate surveys, and the data from social media updates. This data is often combined and linked in order to produce joint indicators of city well-being, economic vitality or safety. Increasingly, local governments make this data also available to the wider public. All of this raises issues about who has legitimate access, which data can be opened up to public usage and what is the appropriate privacy framework for the linkage of different data.
Industrial/enterprise and the connected factory
Using IIoT, a company can connect devices, assets and sensors to collect untapped data. This also allows a company to deliver scalable, reliable applications faster to meet the ever-changing demands of its customers. For example, in a connected factory, sensor-enabled equipment can supply helpful data about its continuing condition. This information can be analyzed to predict when and where equipment might break down, helping factories to prevent production shutdown. In the event a breakdown does occur, a factory can analyze this data to determine the problem and take corrective actions to prevent future occurrences. This allows them to shift more attention toward innovation instead of infrastructure management.
Tips for maintaining data privacy in your IoT program
In each of the segments above, at some point data includes not just input from sensors, but also personal data. That’s easy to see in the consumer IoT and public sector IoT, where data sets regularly include customer usage and behavior data. But even in IIoT, understanding how analytic data will be used and by whom, as well as integrating human needs and concerns into the system, means including some amount of “personal” information.
The most obvious policy any company can implement to enhance data privacy is to implement and enforce technological data protection measures to help prevent breaches in the first place, including but not limited to encrypting data at rest and destroying “personal” data when not needed. When personal data is encrypted, even if an unauthorized third party finds a way to see the data they cannot read it or collect it. (For more about privacy and security see this Deloitte Insights article.)
IoT is on track to connect ever more devices that do not require human-to-human communication and provide data to fundamentally disrupt enterprises by turning linear processes into networks. More and more data is being collected and processed, which is unearthing previously unimagined value by making companies ever more efficient and responsive.
And, more and more, some of this data will require new approaches to security and privacy. As we look forward, companies should develop integrated, enterprise-level approaches to data governance by strengthening and implementing data protocols and policies.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.