The good news: People are figuring out how to scale IoT systems at scale, pulling real-time analytics to deliver better healthcare, fleet tracking, and more. That’s also the bad news.

It’s bad because, as Derek Kravitz and Marshall Allen have detailed, the way sensitive personal data is increasingly being used will almost certainly upset even the most “I bare the buttocks of my life on Facebook” person. While IoT promises a utopian future, we’re starting to see some of its dystopian present.

SEE: Research: Defenses, response plans, and greatest concerns about cybersecurity in an IoT and mobile world (Tech Pro Research)

Getting personal in real time

As Avenade’s Maria Muller has stressed, “No longer are analytics teams thinking about their daily, weekly, or quarterly reports. The demand for data, and understanding of it, needs to happen in real time.” This is particularly true in IoT, which almost by its very nature demands real-time response to external triggers.

This may be even more true in healthcare, where a blood glucose monitor or implanted pacemaker can not only monitor patient health, but react in real-time to keep a heart beating regularly, for example. Over time, device manufacturers will almost certainly increase the range and criticality of such IoT devices, even as we move from “near real-time” to “true real-time.”

They’ll also keep pushing that data to places most consumers won’t want.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

Who watches the watchers?

For the price of reimbursement by an insurer, many consumers are shoveling their data to those insurers, among others. Or, as Kravitz and Allen point out, “Children undergoing genetic testing are sometimes outfitted with heart monitors before their diagnosis, increasing the odds that their data is used by insurers.”

What about users of continuous positive airway pressure (CPAP) machines? “The data may be transmitted to the makers or suppliers of the machines. Doctors may use it to assess whether the therapy is effective. Health insurers may receive the data to track whether patients are using their CPAP machines as directed. They may refuse to reimburse the costs of the machine if the patient doesn’t use it enough.”

SEE: What is the Internet of Things? Everything you need to know about the IoT right now (ZDNet)

The day is coming (it may already be here) when someone’s medical procedure won’t be covered by that insurer because the insurer finds the patient wasn’t walking enough, using their blood glucose monitor consistently, or some other infraction. Or, as Rakesh Agrawal has offered, “What’s next? If you’re involved in a car accident, a lawyer subpoenas your sleep records from the night before.” Yes, we have HIPAA to protect patient privacy, but insurers are finding ways to work around this by going directly to our devices.

In theory, patient data can only be used if it’s “donated,” meaning that the patient consents to its collection and use. Most of us, however, don’t fully understand that, as Kravitz and Allen write, our data “… can be packaged and sold for advertising. It can be anonymized and used by customer support and information technology companies. Or it can be shared with health insurers, who may use it to deny reimbursement.”

We need better privacy protections from our governments or, at least, we need more vendors to be like Apple and make privacy a top concern.