Author Andy Oram published an insightful commentary on EMR & EHR about the difficulties of securing personal data in the Internet of Things (IoT), especially where wearable Health Tech devices are involved. In the article, he cites a report published last month by the Federal Trade Commission (FTC), “Internet of Things: Privacy and Security in a Connected World.” The report grew out of an industry workshop hosted last fall, where participants explored the trade-offs between the benefits and risks of the data collected by IoT devices.
The report recognizes the risks that arise simply from aggregating data. Seemingly unrelated data can be used to deduce, or even identify, information about an individual. (Remember the case of Target figuring out that a teenage customer was pregnant before her father knew?) Other risks include malicious control of devices through hacking and the use of IoT devices as gateways to gather data from other sources.
Oram raises a number of issues that need to be part of public debate about our personal data and how it is used. What sort of uses should require notification of the consumer, or require the consumer’s permission? How long should data be stored, and who should have access to it? Is extra data being collected that is not needed for the intended use? The FTC is charged with protecting consumers, and it is clear that there are a lot of complex questions that need to be addressed in order for the agency to fulfill this role.