Internet of Things Policies Required By @Vormetric | @ThingsExpo [#IoT]
IoT policies for personal data need to break down into eight key areas
By: Vormetric Blog
Mar. 27, 2015 07:00 PM
IoT – Enterprise-Ready Policies for Personal Data Required
By Andy Kicklighter
Given the current global furor over continuing data breaches, the Edward Snowden disclosures, and the hue and cry around NSA data collection from mobile phones and mobile encryption, now is a good time to stop and think before we plunge wholesale into even more extensive collection of personal information from IoT environments and devices.
Think how much worse a data breach could be if it included full profiles of people’s movements, actions, eating habits, purchase preferences or even more personal information. Consider at the same time the potential for abuse if this information is improperly handled or made available.
It seems inevitable that legislation will lag behind our technical capabilities for collecting and using data, but there will eventually be a reckoning with the public. When that day comes, organizations that have put in place policies and procedures for both the use and safeguarding of data from the coming IoT tsunami will be better perceived by the public, at an advantage against competitors, and ready for regulators. Properly structured policies, followed to the best of an organization’s ability, will show good faith in preserving public rights and trust.
There will of course need to be variations in policy. Even within a field like healthcare, different policies will be required based on data type and usage. Consider, for instance, a patient’s health records as used by a primary care provider versus data collected by researchers working on lifestyle and experimental studies. In one case permanent storage and protection are required; in the other, most people would prefer that personal data be anonymized appropriately and early in the usage process.
From my point of view, these policies need to break down into eight key areas:
To close this out, you’ll find below one sample policy set built using these principles … See what you think.
In this example we’ll use a health and activity monitoring smartwatch with a back-end application that tracks and displays activity, pulse rate, and sleep patterns, and (just for grins) also feeds back GPS data about where you’ve been, linked to a mapping function that tracks eateries (You went to Krispy Kreme again? Oh man, you just lost points). You have to register at a portal to be able to use the device, and there is a light yearly fee (which gives the vendor some real tracking of who exactly you might be).
The post IoT – Enterprise-Ready Policies for Personal Data Required appeared first on Data Security Blog | Vormetric.