Cyber security specialist on the benefits and risks related to data obtained by personal devices
Every aspect of modern life from our exercise regime, our homes and our businesses are becoming more connected, writes Aegis London cyber security specialist Joe Hancock. For the first time, a FitBit wearable device is likely to be used in a court of law and may affect the outcome of an insurance case. Personal data from these devices or from others in the home, could now be discoverable as part of a claim investigation or used to prove or disprove various events. Recently in Canada, this information was viewed as ‘electronic information’ by the court of appeal and could be disclosed.
New class of data
The data collected by such devices is described as a “new class” of personal data, however it remains to be seen whether it will be explicitly classified as such. It is our belief that ultimately it will be, as international privacy law of typically considers similar data relating to consumers energy consumption to be personal. In turn, this will likely increase the volumes of personal data now held by organisations that have traditionally held simple payment and address data such as those in the sports and fitness sector and the risk it creates.
In tracking and monitoring applications today, whether delivered by smartphone or by a wearable device, internet based cloud services often play a key role. The risks associated with a breach of these large scale cloud data stores are now much higher than before, especially where the data held identifies the location of users or is considered sensitive health information. This information that can be used by an individual to support their health and activity goals could be used to demonstrate mobility and location in the event of an insurance claim or for more nefarious purposes.
Risks posed by loss of data from wearable tech
The security risks around data loss from these devices include locating device users, embarrassment and blackmail or profiling of individuals. The risk of ‘stalking’ or locating users from their wearable devices is possible but unlikely. Similar concerns were voiced around contactless cards, being able to track individuals and their consumption habits and have not materialised.
It’s not just personal tracking technologies that have these issues. The future of the connected business will see similar data collection and management in the workplace, bringing with it huge benefits to numerous sectors, including healthcare.
Remote monitoring is likely to be a key element in the future of healthcare service provision; moving care from hospitals into the home, supported by technology. The risks to health information are well known and an increase in this type of data will heighten the risks involved. A move to connected medical devices, such as pacemakers, also highlights areas of clinical risk and potential physical harm.