https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Getty Images

Sound Data Privacy Policy Can Drive Market Differentiation

Manufacturers of IoT-enabled products should optimize customer experience while minimizing regulatory risk when crafting a data privacy policy. 
  • Written by Brian Buntz
  • 2nd March 2020

When it comes to consumer technologies such as the Internet Things (IoT), the shift enables businesses to adapt their data privacy policy to redefine their customer interactions. Organizations with mature data privacy policy can use security and privacy as point of competitive differentiation, according to Lisa Donchak, engagement manager at McKinsey & Co. While those that don’t risk reputational bruising or potentially running afoul of a growing number of privacy regulations. The increasing amount of data business-to-consumer companies collect on their customers is a “double-edged sword,” Donchak said. “On one hand, you can do some amazing analytics, better understand your consumer and craft value propositions around that. On the other hand, there’s an increased responsibility to handle the data the right way.”

Many organizations struggle to keep abreast of the changing privacy landscape, and consumers are growing more aware of the data devices such as smart speakers to smartphones to facial-recognition-enabled surveillance cameras collect.

For manufacturers, studying relevant IoT security frameworks and regulations is vital. They should also think of risk from a variety of viewpoints, suggested Jeff Wilbur, technical director at the Online Trust Alliance at the Smart Home Summit. For a consumer, a threat can be internal or external, he said. “If you’re a homeowner, you might wonder: ‘Are people spying on me? Can they open my door? Can they get my data?’ But there’s also an external threat where IoT devices can be weaponized such as with the Mirai botnet,” Wilbur said. “That’s where the government has the most concern.” 

[IoT World is North America’s largest IoT event where strategists, technologists and implementers connect, putting IoT, AI, 5G and edge into action across industry verticals. Book your ticket now.]

Not only are data breaches frequent, they have become more severe in recent years. “Historically, a breach of credit card numbers caused minor inconveniences for a small subset of users who had to wait to receive a new credit card,” said Ben Auton, vice president at SpearTip. But the number of breaches exposing highly sensitive data, including personal images, financial and medical histories, is increasing. “This intimate, personal impact is unprecedented, and will certainly increase public awareness and aversion to this level of data being maintained by private companies,” Auton added. “In the end, this will likely lead to continued policy development and regulation.” 

In the event a company is breached, the response matters. “That’s a very strong signal,” she added. “Just saying you care about users’ security or privacy is not impactful.” 

Consumer-facing industries must also wrestle with a lack of trust from the public. Internal McKinsey research found that fewer than half of consumers trusted organizations ranging from health care and financial service institutions (both with 44%) to consumer packaged good companies. Consumer trust in technology companies is also waning, according to the 2019 Edelman Trust Barometer report. 

Proving Trustworthiness 

Given the  public’s eroding trust, organizations deploying technology in consumer contexts should ask only for personal data that is relevant for a given interaction. Organizations with a conservative data privacy policy can convey data management maturity to their users, according to Donchak. “We also recommend creating a map of where all your data is inside and outside your organization. After that, you can create clear policies about where and how it is used,” she said. 

Such considerations are particularly important when consumers have choice in the marketplace. McKinsey has noted a growing trend of consumers who avoid doing business with a company with problematic or unclear privacy practices. Internal research from the advisory firm found 85% of consumers stated they would avoid doing business with a company if they lacked trust in its security practices. Seven out of 10 consumers McKinsey surveyed said they would stop doing business with a company if it shared sensitive data with other parties without their permission.

The Importance of Clarity

Still, when consumers don’t have a choice, they may be forced to use a vendor with problematic security or privacy protections, said Chester Wisniewski, a principal research scientist at Sophos. In some cases, the question of how an IoT device gathers and uses data is unclear, even for cybersecurity specialists. “I read my TV’s privacy policy, and I can’t make heads or tails of exactly what it’s collecting,” Wisniewski said. 

License agreements don’t effectively communicate data privacy policy, agreed Deral Heiland, IoT research lead at Rapid7. “How often do you read those?” he asked. “And if a company changes hands, those user policies can easily change, and consumers tend to get a little notification.” 

Consumer IoT device makers should remind their customers regularly which types of data are collected, and offer an opt-out option. “That’s a pretty good approach because, if you as a consumer are not comfortable with something, you can turn it off,” Donchak said. 

Beyond the simple opt-in/opt-out model, another approach is to focus on informing consumers when and how their data is used. “Look at what Estonia does in health care,” said Will Ackerly, chief technology officer of Virtru. The country has deployed a centralized approach for unifying medical information that can notify patients when their data is accessed. “If a doctor reads your health record, you can get a text message,” Ackerly said. “The idea is to create a system that makes data self-protecting.”

Tags: Security Features

Related


  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Common Internet of Things Security Pitfalls 
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?
  • Developing a Critical Infrastructure Cybersecurity Strategy
  • Addressing IoT Security Challenges From the Cloud to the Edge 

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

The eSIM Cookbook – Towards the Next Generation of Connected Devices

22nd February 2021

eSIM Delivers Greater Freedom for OEMs – by Beecham Research and Truphone

22nd February 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

📢 Announcing #EIOTWORLD sponsor, @aicas_IoT — a flexible, more efficient approach to embedded realtime application… twitter.com/i/web/status/1…

4th March 2021
IoTWorldToday, IoTWorldSeries

Microsoft Ignite 2021: Innovation in COVID-19 Era Signals Future Trends dlvr.it/RtwYcg

4th March 2021
IoTWorldToday, IoTWorldSeries

At Microsoft Ignite: How IoT and Robotics Are Driving Industry 4.0 dlvr.it/Rttgwj

3rd March 2021
IoTWorldToday, IoTWorldSeries

🎙️ Introducing #EIOTWORLD speaker, Obinna Ilochonwu, Industrial IoT Architect at Schlumberger. 📅 Join his session… twitter.com/i/web/status/1…

2nd March 2021
IoTWorldToday, IoTWorldSeries

#Smartbuilding technology lays the foundation for #energyefficiency efforts but also new COVID-19 goals, such as… twitter.com/i/web/status/1…

2nd March 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X