How To Protect Private Information When Using Sensors

Sensors are meant to keep people safe. However, not enough is being done to protect the extremely sensitive information that sensors collect about people, which negates efforts to ensure safety through the deployment of IoT devices and erodes consumer trust in them. Creating privacy policies for sensor data and educating consumers on these policies will help maintain confidence in sensors and make them more effective at what they’re designed to do.

 

Considerations For Privacy By Design

 If you’re collecting consumer data, it’s key to be transparent about it. But before we get into more about privacy policies for sensor data, let’s think about data minimization. Regulating the amount of data that can be collected about consumers will reduce the amount of headaches around privacy protection, which means reducing risk of reputation damage for service providers and the organizations deploying their products. Retaining and using the least amount of information necessary to carry out the functions that consumers expect from sensors is a smart practice.

Giving consumers more control over the data that is collected, as long as the controls are not too complicated for the average tech user to grasp, can also serve as built-in privacy protection.For instance, if certain data is no longer needed from employees due to a change in company policy, allow the company to have the unnecessary data about their employees deleted or made anonymous. And if a device is decommissioned by a company, allow complete data deletion or a reset of the device to factory settings.

Enabling selective sharing for consumers will also help mitigate breaches in personal security. Many consumers already expect that their data is only being shared with certain trusted people who need it. For example, the staff and residents at an assisted living center may think the information being collected from wearable health monitoring devices is only being seen by staff, residents’ doctors, and residents’ families. If an organization, like an assisted living, could give data access only to people with need to know and for a limited amount of time, everyone would be safer and more trusting of the deployed devices.

 

 

Open Privacy Policies About Sensor Data

 It’s important that the privacy policy and messages you craft around data sharing are honest and easy to understand at all levels of technical knowledge. The biggest things to cover are:

  • Who is collecting the data (allowing users to verify your identity is a good idea)
  • What data is being collected
  • Why it’s being collected
  • How it’s being collected
  • What measures you’re taking to secure the collected data

In regard to measures for protecting consumer data, keep in mind that third parties should be held to the same standards as service providers. When a service provider shares data with an outside entity, the security measures they outlined for their customers do not become null and void. If a third party is careless about personal data, the service provider who supplied it will ultimately be responsible for damages caused to the consumer.

If privacy and security updates are needed throughout the life of your product, clearly express this to the consumer in your messaging, as well as how the updates can be made. People often forget or don’t even know that security systems on their devices expire. Make it easy for customers to contact you with questions and concerns about using your product. This can help prevent small issues from becoming bigger issues and improve customer assurance.

You should also make it easy to opt out of data sharing with visible opt-out messages. Service providers typically make opting in the default through implied consent, but consumers’ consent should not be implied when it comes to using and selling their private personal information. A company might say, for example, that when an individual purchases a smart speaker and places it in their kitchen, they’re implying that it’s OK for the speaker sensors to collect information about things they do and say in their home and for the company to sell that information to a third party. However, the consumer might not have any idea that this data collection is a consequence of using the speaker. For the security and satisfaction of customers, it’s wise to adopt a policy of informed consent, where customers are made fully aware of how information is collected on them when using a product and where they have the ability to opt out of data collection that isn’t necessary for the product to work as they expected it to.

inQ is a leader and trusted partner for sensor identity and security management software. We’re here for you if you need help with your sensor security initiative.  Please contact us.