IoT, also known as the Internet of Things, is one of the most talked-about concepts in the world of the internet. Basically, IoT allows devices, machines and components to communicate using electronic sensors for effective monitoring and performance, all without human intervention. Recently, privacy regulators worldwide have raised the issue of the lack of data privacy and security surrounding the IoT industry.
All known privacy regulations focus on the privacy rights of an entity. Until now, that entity has been identified as a human, not a sensor. Many cybersecurity experts have stressed the importance of user training and behavioral change as an effective tool for combating privacy-related issues. How can you apply the same principles to sensors?
Overall, privacy experts agree that thorough assessment, design and implementation changes are required to the privacy frameworks for IoT, especially in the following areas:
- Privacy needs to be embedded in the device
All manufacturers of IoT sensors should be forced to follow a strict, agreed-upon protocol for preventing leakage of personal information and for non-identification.
- Encryption is your best friend
All communication to and from the IoT sensors should be protected following the principles of securing data in motion. This includes employing SSL and VPNs for secure transfer of signals.
- Store data responsibly
This includes storing only the bare minimum amount of information required, as well as employing the best identity and access management tools for proper authentication and authorization to the stored data.
- Adopt strict design and development frameworks like Privacy by Design
Frameworks like Privacy by Design ensure that the developers have treated privacy and security as an integral part of the software design. Usually, the security layer gets implemented in the latter stages of the software timeline. Doing so significantly reduces the effectiveness of the security controls.
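The "non-identification" and "store only the bare minimum" points above can be enforced in code at the point where a reading is accepted for storage. The following is an added example, not code from this article: the field names, the sample payload and the key are constructed assumptions, and HMAC-SHA256 is used here as one common way to derive a stable pseudonym.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Assumption: the only measurements the backend needs. Everything else is dropped.
ALLOWED_FIELDS = {"temperature_c", "humidity_pct"}


def pseudonymize(device_serial: str, key: bytes) -> str:
    """Keyed pseudonym: stable per device, not recomputable without the key."""
    digest = hmac.new(key, device_serial.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]


def coarsen_timestamp(iso_ts: str) -> str:
    """Round down to the hour (UTC) so stored data reveals less about routines."""
    ts = datetime.fromisoformat(iso_ts).astimezone(timezone.utc)
    return ts.replace(minute=0, second=0, microsecond=0).isoformat()


def minimize_reading(raw: dict, key: bytes) -> dict:
    """Build the stored record from an allow-list, never from a deny-list,
    so a new identifying field added by firmware is dropped by default."""
    record = {k: raw[k] for k in ALLOWED_FIELDS if k in raw}
    record["device_id"] = pseudonymize(raw["device_serial"], key)
    record["hour"] = coarsen_timestamp(raw["timestamp"])
    return record


# Constructed sample payload as a sensor gateway might receive it.
SAMPLE_RAW = {
    "device_serial": "SN-000123",
    "owner_email": "resident@example.com",
    "gps": {"lat": 52.5200, "lon": 13.4050},
    "timestamp": "2024-03-01T07:42:13+00:00",
    "temperature_c": 21.5,
    "humidity_pct": 40,
}
# Constructed demo key; a real key belongs in a secrets store, not in source.
SAMPLE_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print(minimize_reading(SAMPLE_RAW, SAMPLE_KEY))
```

The owner e-mail, GPS position and raw serial number never reach storage, while readings from the same device can still be grouped by `device_id`.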
With great innovation come great privacy risks. In recent times, regulations like the EU's General Data Protection Regulation, also known as GDPR, have tried to address the issues surrounding IoT devices and their networks. Keeping in mind the fact that IoT sensors are not humans, it remains to be seen how organizations will cope effectively with these newly introduced laws. The adoption of IoT has already reached explosive numbers. The challenge is real, but are we prepared?