IoT businesses fall behind with privacy concerns

It has been revealed that 71% of devices do not provide a privacy policy that adequately explains how personal information is managed.

This finding comes from a Global Privacy Enforcement Network (GPEN) review that took place in April 2016, where privacy enforcement authorities examined the way in which more than 300 Internet of Things (IoT) devices communicate with customers about privacy.

The review noted how privacy information was communicated, how personal information was collected, stored and distributed, as well as the controls businesses provide to consumers to help them manage their own personal information.

In Australia, 45 different devices were inspected, including fitness and health monitors and ‘smart’ travel locks and thermostats from both multinational and start-up companies.

All businesses are encouraged to adopt a privacy-by-design approach, which creates a strong framework for the protection of personal information. Start-up business owners may be subject to the Privacy Act if they trade in personal information or deal with health information. They will be covered once they reach an annual turnover of more than $3 million, and will thereafter be required to build in privacy procedures.

Businesses offering IoT devices to Australians can create stronger privacy frameworks by developing privacy policies that address IoT privacy issues and which are easy to read. They should also outline to their customers how personal information is collected, used, disclosed and stored, as well as notifying them how they can access and control their information. It is also essential to provide timely advice to customers who are seeking information about privacy practices.

Image credit: ©stock.adobe.com/au/Vege