Are organizations considering IoT data privacy?

As the adoption of IoT continues, businesses must consider the potential emerging data privacy implications.
26 September 2019

IoT can be a great benefit to healthcare. Source: Shutterstock

IoT is already helping businesses reduce production time and increase productivity.

Across domains like retail, education, communications, media, healthcare, and social services, data accumulated from networks of sensors are unearthing new opportunities to glean valuable insights for product development, maintenance, and improvement. 

The scale of opportunities, and need to maintain competitive pace, means organizations across industries continue to pile investment into the technology— global IoT spend is tipped to rise from US$726 billion in 2019 to US$1.1 trillion in 2023, according to the IDC. 

But, as deployment increases in consumer-facing applications— away from warehouses, mines and production lines— businesses must seriously consider newly-emerging IoT data privacy implications. 

These new means of collecting data, frequently as a result of consumer actions or input, can mean consumers are largely unaware data is being collected, let alone what the nature of that data is or how it will be stored, processed and used, ultimately for a business’s commercial gain.  

Weighing benefits against costs

Rising concerns over IoT data privacy are particularly valid given a track record of data privacy blunders that have plagued those consumer-facing industries adopting the technology. 

Almost daily, there are reports of data being mishandled, left exposed or breached by a sweep of organizations in both the private and public sectors. As such, before adoption, businesses should consider the benefits against the potential damage of collecting much greater volumes of personal data.

Speaking on the use of the technology in the healthcare sector, Mark Wolff, Chief Health Analytics Strategist of SAS, stated: “perhaps the greatest opportunities for IoT in healthcare lie in helping clinicians make faster, more accurate diagnoses and more precise, personalized treatment plans.”

As an example, IoT-powered biometric authentication plays a significant role in reducing wait time by identifying patients through biological features such as fingerprints, face, eyes, and others.

Clearly, administration and documentation of medical records are simplified enabling healthcare staff to better tend to patients and proceed to diagnosis.

At the same time, however, while the technology carries some incredible benefits, insights from HIPP Journal revealed approximately 180 million medical records in the US have been affected by data breaches, resulting in the theft and exposure of highly-sensitive, personal data in the last decade. 

Without sufficient action towards data privacy, adding a proliferation of connected endpoints to the fray isn’t going stymie those figures. 

Pre-empting the growing risks

For now, however, few organizations seem perturbed by these vulnerabilities; IoT is growing at a steady pace as businesses continue to invest aggressively in the technology. 

Recognizing the transformation and innovation IoT brings to an organization, as well as the large investment in this industry, regulations and law enforcement to secure IoT data privacy will likely soon come into play. 

While consumers may not consider the implications of IoT data privacy today— and the rights they have to personal data collected— the issue will come to the fore as the technology begins to play an everyday role in society, and consumers begin to offer more personal data, which could relate to anything from biometric to health. 

Organizations can prepare by taking an up-front and transparent approach to their use of data collected, communicating its intended use clearly, and providing users the ability to control how it’s used. 

While they may not apply to all IoT use cases just yet, adhering to data privacy frameworks, such as GDPR, will put organizations in the best stead for when (at least) iterations of these rules apply.

Finally, organizations should consider privacy-enhancing technologies, such as encryption or distributed ledgers to manage data with less reliance on centralized storage methods.