Legal Considerations for the Internet of Things
December 19, 2016
The Internet of Things (IoT) is upon us. It has grown enormously and will continue to grow exponentially in the future. The Internet of Things as described by Eric A. Fischer, senior specialist at Congressional Research Service, is “networks of objects that communicate with other objects and with computers through the Internet.” This means anything that connects to your computer or wireless network could be a security risk, including refrigerators, washers, coffee pots, and furnaces. Cloud service providers, such as TOSS C3, can help you control the data coming into your network.
Security
Laptops, phones, and tablets are a common staple at work. For many people these items are requirements to perform their jobs adequately and efficiently. These items are now considered the norm, and IT departments, either independently or through the cloud, acquire third-party software to keep these items safe.
According to TechTarget, a secure device, or secure container, is “a third-party mobile application that is used to separate and secure a portion of a device’s storage from the rest of the device.” The problem with IoT devices is the lack of security.
Do you think light bulbs could be an issue? According to Computer Weekly, “The smart light bulbs, designed to be controlled from a smartphone…researchers found this did not mean they were secure…Using a combination of hardware hacking, protocol analysis and reverse engineering, the researchers were able to…use a wireless laptop to request Wi-Fi credentials from a light bulb over the unsecured mesh network.”
How Big is The Internet of Things Really?
Unless you are a high-tech guru who buys everything as fast as it comes out, you may not realize the size of the problem handed to us. There are watches, glasses and even clothes that will send information over the Internet. All of these items send out signals, and these signals can be hijacked. Granted, most people are not going to come into your office and have their watch connect to your network so you can read their vitals, but employees can be a bit overzealous with their ‘cool’ toys, and that can pose a danger to your networks.
InformationWeek reported, “‘as of today, information collected via devices generally can be used for almost any purpose, which is pretty scary as a consumer. It’s also scary for businesses, because there are a wide variety of instances where issues can arise,’ said James Goodnow, a partner at law firm Lamber Goodnow, in an interview.”
The Reason this Could Cause Legal Ramifications
Not all information received is information we are allowed to have. Companies may have employees use specific wearables for wellness reasons, which in turn can help their healthcare premiums. Goodnow states, “Right now, it’s probably not a good idea for employers to collect that information, because the laws are unclear and you may be setting yourself up for problems.
If you’re collecting health information and it’s decided the person needs to be terminated, you’ve exposed your company to liability. The information you’ve collected may show a disability by tracking heart rate or activity or that someone isn’t as healthy as they should be.” The bottom line is, who has access to your personal data?
Legally, any company collecting data is responsible for that data. If that data was not authorized, then the company could be held liable. It is very tough for companies to frame proper consent clauses, because the average user will not understand the implications behind the technology.