Hackers seem to always go after the weakest link; the current wave of “WannaCry” attacks is testimony to that.
Given the amount of damage it is doing, I think most companies will get very serious very quickly about getting rid of the outdated Windows XP installations that are vulnerable. But these are just the tip of the iceberg.
The amount of customer data collected through social media networks and Internet of Things initiatives is ever growing. Devices in cars, homes, wearables and toys all collect data about their users. A case in point is the smart doll, My Friend Cayla, banned by Germany as an “illegal espionage apparatus.” The doll, which was Bluetooth enabled, could have been used to spy on children and collect their personal data.
So what will happen if hackers hold your customer data to ransom? What if the network that is gathering this data comes from a smart home network or your self-driving car?
The dangers that lurk mean that anyone involved with IoT must establish trust with the user community—trust that their data is private, that it is protected. And, let’s face it; trust is in short supply these days. For example, German researchers found that 59% of devices failed to adequately explain to customers how their personal information was collected, used and disclosed. They also found that 68% failed to properly explain how information was stored and 72% didn’t explain to consumers how to delete their data from the device.
European governments are waking up too and want you to get serious about this, hence the introduction of privacy regulations.
Data privacy should be a big deal for any IoT-related project—the IoT is all about data; and GDPR is all about data privacy. The remit of GDPR encompasses any data transmitted (and stored) by devices from users based in the EU. Which is why anyone associated with IoT needs to know where their customers’ data is.
Many articles about GDPR try to evoke fear and shivers—mainly pointing out the big fines companies can rack up for being non-compliant. But I would prefer to look at the good opportunities that GDPR can offer.
By complying with GDPR (and, in its wake, the ePrivacy electronic communications regulation), providers have the opportunity to positively influence their future—not only from a governance standpoint but from the buyer’s perspective.
There are three things you can do now that will stand you in good stead, and even give you an advantage over your competitors:
- Make someone accountable. GDPR requires organizations to appoint a Data Protection Officer. Your DPO can get a jump start on where your IoT data is and what is happening with it.
- Set up a customer consent program. Under GDPR, anyone collecting data must offer customers and users the ability to actively decide whether they want their data used.
- Make your data secure. The security of customers’ data needs to be actively enforced and upgraded over the lifespan of the data; and the destinations of the data must be tracked.
These are things that can help the IoT industry to regain trust from its audience. It sounds simple but getting it done requires dedication, determination and tenacity.