How should companies address IoT privacy concerns? Brian Katz, director of EUC Mobility Strategy at VMware, suggests building IoT into policies is a good start. Katz wasn't alone in this thinking: VDC Research Director Eric Klein also emphasized the importance of effective policies to address IoT privacy concerns:
A3: Policies are critical - difficult balancing safety/security/privacy/compliance across an array of diverse regions & users #ciochat
— Eric Klein (@eakleiner) January 28, 2015
IT teams should approach IoT policy integration just like any other technology or resource, according to Amrit Williams DePaulo, CTO at CloudPassage:
@searchCIO Apply same sec principles to IoT that are applied to all corp resources & ensure sec & risk r involved prior to deploy #CIOchat
— Amrit DePaulo (@amrittsering) January 28, 2015
Data transparency: turning privacy into policy
Apple CEO Tim Cook took aim at Facebook, Google and other companies last fall for what he called their exploitive privacy policies, while extolling Apple's privacy-first business approach. More companies should make privacy a priority and give users more control over what IoT data gets collected and why, according to SearchCIO followers. During the #CIOChat, participants applied this privacy ideal to the workplace, saying that employees should have the choice to opt out of having their data collected -- or at least know upfront how that data is being used:
@TT_Nicole #CIOChat yes and employees should have some way to opt out or have some level of control
— hrkoeppel (@hrkoeppel) January 28, 2015
Vernon Turner, senior vice president at research firm IDC, warned in a SearchCIO blog post that organizations or individuals who don't accept data transparency will be "almost impossible" to trust.
In a recent report by the Federal Trade Commission (FTC) on IoT privacy and security, the FTC mirrors this sentiment by stating that transparency and limiting the collection of personal information is critical to upholding user privacy ideals. During our #CIOChat, Shorenstein CIO Stuart Appley emphasized the importance of having some level of user control and security oversight when it comes to IoT devices in the workplace:
A3 - If users want to "connect" to corp data,then should be BYOD model. Needs sec oversight. Have option of "not connecting" #ciochat
— Stuart Appley (@sappley) January 28, 2015