Topics In Demand
Notification
New

No notification found.

Safeguarding Consumer IoT Data: Trust and Privacy
Safeguarding Consumer IoT Data: Trust and Privacy

April 16, 2024

16

1

The expanding world of IoT devices and data security

In the ever-expanding realm of technology and interconnected smart devices, the Internet of Things (IoT) is advancing at a rapid pace.

According to Markets and Markets, the global IoT market revenue exceeded $300 billion in 2021, projected to double by 2026. These devices include consumer products such as smart doorbells, security systems, and smart speakers, are omnipresent in millions of households.

Consumer assumptions and trust challenges

Consumers bring these devices into their homes with the assumption that their data is being held safely and securely. However with an increase in the number of IoT cyberattacks worldwide, it's unsurprising that research from Thales shows an increasing lack of consumer trust across industries to protect their personal data, known as personal identifiable information (PII).

How can consumers feel more confident about the safety of their data, and why does IoT security matter?

Elevating security in the IoT landscape

IoT security helps ensure the confidentiality, integrity and availability of the information stored and transferred between devices, including personal data. As privacy is a pivotal aspect of IoT device purchase decisions, with consumers gravitating towards companies they trust to safeguard their data, it’s important that both security and privacy are addressed in IoT product design.

Consider smart alarm or home security systems, like BSI Kitemark certified Yale Smart Alarms, which operate through connected devices such as smartphones. Operating these devices generates data like time, date, and location, raising questions about data security. The correct handling of this data is essential to prevent potential exposure of consumer PII connected to the device and related security risks.

Without correct handling, the data held could reveal further consumer PII and leave people exposed to risk.

IoT manufacturers' duty of care

Manufacturers of IoT devices bear a responsibility towards the consumers who entrust them. Voice-controlled IoT devices exemplify data storage complexities, especially considering the global reach of these devices and their associated cloud services.

For instance, if a consumer utilizes an IoT device in the UK, their data is safeguarded under the UK GDPR. However, it's worth noting that these devices are often manufactured by global corporations that leverage worldwide cloud services, potentially resulting in data storage across various global locations.

As consumers introduce an IoT device into their homes, they inadvertently introduce the entirety of the company's supply chain and data security framework into their private spaces. This conveys the importance of manufacturers understanding the global implications and interconnectedness associated with IoT devices to deliver on the expected consumer trust.

Key IoT considerations for organizations

Organizations selling and storing consumer data through IoT devices shoulder a responsibility to foster consumer trust. To ensure consumer data and PII safety, organizations should:

  • Understand applicable privacy rules: Determine the relevant privacy regulations, such as GDPR in the EU, and prioritize consumer protection.
  • Minimize data gathered: Collect only necessary data to minimize risk.
  • Secure data: apply appropriate controls when data is collected, transferred or stored.
  • Anonymize data: Render consumer data anonymous to mitigate data breach risks.

Real data breach risks are a stark reality. IBM's 2023 Cost of Data Breach Report showed that 52% of all breaches involved some form of customer PII. Minimizing data collection and anonymization become critical to upholding consumer privacy.

While accessing such technology entails inherent risks, consumer trust is best served when companies prove themselves as reliable custodians of privacy and data.

Building trust in IoT

We are committed to building consumer trust through various initiatives, including the introduction of the BSI Kitemark for IoT devices.

The Mark of Trust process ensures continuous assurance, from product application to scheme updates, protecting consumers at every step.

Through audits, product testing, and factory inspections, we signify trustworthy products, fostering confidence in an increasingly digital world.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


BSI enables people and organizations to perform better. We share knowledge, innovation and best practice to make excellence a habit – all over the world, every day.

© Copyright nasscom. All Rights Reserved.