FTC Releases Report and Practical Advice on the Internet of Things

On January 27, 2015, the Federal Trade Commission (FTC) released a staff report entitled “Internet of Things: Privacy & Security in a Connected World.” This report suggests steps businesses can take to protect consumers’ privacy and security as they use objects that connect and send data to the Internet.

InternetOfThings-01The FTC Staff Report defines the Internet of Things (IoT) as “the ability of everyday objects to connect to the Internet and to send and receive data.” Examples of such objects are bracelets that track fitness activities and share the data with friends, cameras that post pictures online, RFID tags to monitor inventory, and home automation systems to monitor lights, temperature and security and report to homeowners when they are away. In health care, such objects include medical devices that monitor vital signs and other patient data, such as insulin pumps and blood pressure cuffs, and then share this data with physicians and caregivers. Basically, the IoT is “essentially any other Internet-connected device that isn’t a mobile phone, tablet, or traditional computer.”

The number of “things” connected to the Internet is greater than the number of people, and, as of this year, there will be 25 billion devices connected to the Internet. But this increased connectivity comes with increased privacy and security risks. First, financial and personal data stored on these devices can be stolen. Second, when the objects are connected to a network, security vulnerabilities in the objects may Continue reading

The FTC: Watchdog for Privacy and Security of Sensitive Personal Data

Data transmissionThose who dwell in the world of health care privacy and security know well that the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) is the federal agency that issues the regulations, provides guidance and ultimately enforces the complex requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic & Clinical Health Act of 2009(HITECH).  But we also know, as citizens of the 21st Century, that privacy and security concerns extend far beyond insurance claims and health records in our doctors’ offices.  With every new smartphone we indulge in, every online purchase we make, every retail loyalty program for which we register, we share valuable chunks and tidbits of data about ourselves that now can be used to tell others far more about us than we ever would have dreamed possible, or probably desire.  The internet and astounding connectivity of so many technological devices, both consumer and commercial, allow extremely private and sensitive information to be accessed by parties we do not know and cannot imagine, for both our benefit and detriment.  Continue reading