IAPP_Salary-Survey_300x250_FINAL
PrivacyCore_ad_300x250-01
S17_Banner_300x250-COPY
Tech trends: When IoT devices make headlines

We all know smart devices are becoming more and more popular, so much so that people cannot stop gushing about them. They are making their way to executive condos in Singapore and are dominating tech conferences, such as CES 2017.

But if you are embedded in the privacy and security industries, you are well aware of the potential privacy and security risks smart devices possess, like headline-grabbing ransomware attacks on smart homes and cars. However, a recent string of incidents proves you can never underestimate the strange places smart device issues can arise.

Case in point: Realtors and homebuyers are discovering houses with smart devices may pose problems if the previous occupant is still connected to the system. 

If the smart devices are not reset when the new owner moves in, the former inhabitant may still be able to control any number of devices, whether it’s a garage door opener, a thermostat, or keyless locks.

Maybe it's just another in a string of issues causing smart-device anxiety, but it may also shine a light on a bigger issue as well. A National Association of Realtors’ survey found only 15 percent of clients even inquired about smart technology in the homes they are considering.

This gives rise to an important question to consider: Are IoT device makers and marketers doing enough to educate their consumers and users about the privacy and security issues that come along with the product? Clearly there's a market for smart devices, and if companies want to maintain the trust of the customers, perhaps they should consider adding in bits of privacy education for consumers — whether it's through marketing, or an easy-to-read guide that comes with the package. 

But smart home devices are not the only IoT devices making headlines of late. 

Germany’s Federal Network Agency launched a strong campaign telling parents to destroy their child’s My Friend Cayla doll following privacy concerns surrounding its smart technology. Researchers found hackers can compromise the doll through an insecure Bluetooth device within the toy to listen to and talk to children playing with it from up to 33 feet away.

U.S. consumer groups have joined the crusade against My Friend Cayla, filing a complaint against the doll with the Federal Trade Commission.

Or, consider the newly rebooted Teddy Ruxpin doll that's coming out. Similar concerns could manifest with the glorious return of the 1980s icon, as the new Ruxpin allows children to follow along with stories through a smartphone app connected via Bluetooth.

Et tu, Theodore?

This isn't the first time smart dolls have made privacy headlines. Hello Barbie was perhaps the first to do so nearly two years ago. One mom actually sued Mattel over privacy concerns with the doll.

However, Mattel features a very easy-to-read webpage explaining their privacy commitment. This is a quick way to answer potential privacy concerns without requiring a consumer to read a 10,000-word privacy policy. But for those who do want to go deeper, Mattel has provided a well-organized and consumer-friendly privacy policy, with a clear way of contacting the privacy office with any questions or concerns. 

Of course, companies putting those statements out there better be following through on those commitments. If not, it's probably a safe bet the FTC will come a'knockin'. 

The Future of Privacy Forum has been active in the IoT space, providing tips for manufacturers of smart home devices and children's toys. In a recent Privacy Perspectives post, the FPF's Stacey Gray, CIPP/US, outlined the complexity of privacy in the "smart toy" market. She also echoed a mantra that privacy pros may hear often: Just because it's legal, doesn't mean it's right. Toy makers "can go beyond their legal requirements and really build privacy and security into the design of their toys," she wrote. She also provided a helpful set of tips for smart toy makers to consider. 

Smart devices, while growing in popularity, are still growing as an industry and will continue to do so at a dizzying pace. For now, when privacy and security professionals look at smart devices, they should look to these best practices and find creative and innovative ways to educate their consumers and convey their privacy commitment. 

Of course, as we forge further into an IoT-world, more devices will make headlines. Having privacy and security built in from the beginning, and a clear way to communicate those protections, will help companies stem the publicity challenges and maintain consumer trust. 

Top image courtesy of the Future of Privacy Forum

Written By

Ryan Chiavetta

1 Comment

If you want to comment on this post, you need to login.

  • Brian Levine Mar 1, 2017

    It's painful to see the abysmal level of security and complete lack of privacy/security considerations that went into the design and development of CloudPets-Spiral Toys product. Unsecured mongo-db publicly accessible on the cloud, weak passwords, un-authenticated access to S3 storage. It's clear the architect/engineers had no concern for security in their design. This is a complete failure from the top level down to make basic consumer protection a required feature of their products. For a small investment, basic mistakes like this are easily designed out or corrected after the fact. Is there any financial/legal recourse expected for Spiral Toys?

Related

Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

CIPP/E + CIPM = DPO

The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

IAPP-OneTrust Website Scanning & Cookie Compliance Tool

Scan your website for cookies, tags, forms and policies and create a custom, dynamically updated cookie policy based on the results of your scans.

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

More Resources »

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds and unparalleled programs—plus a whole new spin on Active Learning!

Canada Privacy Symposium 2017

The Symposium returns to Toronto! Take advantage of Early Bird rates before March 31 and join your fellow privacy pros for a stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is SOLD OUT and the wait list is closed. If you got on the wait list, we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Join us in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

We're bringing the best of the best in privacy and infosecurity to sunny San Diego. Early registration for P.S.R. opens in May.

Europe Data Protection Congress 2017

Your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Registration opens in early June.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»