Top Internet of Things privacy and security concerns
Is all data created equal?
During our discussion on IoT privacy and security, Apperian Inc. chief marketing officer Mark Lorion suggested that not all IoT data requires the same degree of security. For example, medical, financial or even geographic data likely requires a higher level of security than pedometer data or the like. Hacking an IoT-enabled insulin pump can seriously endanger the physical safety of a user, whereas hacking a FitBit cannot.
Brian Katz, director of EUC Mobility Strategy at VMware, responded to Lorion by further stressing the idea that not all data is created equal -- especially when it comes to IoT data:
@mark_lorion @hrkoeppel @txs Which is why you must understand the data you're collecting/where in the security spectrum it falls #CIOchat— Brian Katz (@bmkatz) January 28, 2015
@bmkatz @hrkoeppel @txs Agree. And let users determine what it's worth. #CIOChat— Mark Lorion (@mark_lorion) January 28, 2015
Who owns the (IoT) data?
Letting users decide what their data is worth helps put control back in their hands, but is it their data to control? Does the organization capturing or storing the data have a right to it? Participants -- including Forrester analyst Tyler Shields -- debated the subject of data ownership:
a3. Companies can't assume that they have rights to all of a user's data for wearables for example…user owns that data #CIOchat— Brian Katz (@bmkatz) January 28, 2015
@bmkatz @searchCIO #CIOChat Why can't they? There is no law against it and little business risk. (not advocating it.. just saying)— Tyler Shields (@txs) January 28, 2015
@txs @searchCIO Actually if it is health data the user owns it and can apply to HIPAA etc…you need permission for that #CIOchat— Brian Katz (@bmkatz) January 28, 2015
Forrester analyst Eve Maler put it differently when speaking to SearchCIO about companies' data ownership expectations: "It's as though companies are automatically granted access to consumers' personal data by virtue of their privileged position, versus consumers controlling the information that is sharable."