Consumers increasingly depend upon IoT devices to help them do everything from improving sleep to monitoring blood sugar levels. In the process, they may be giving up more privacy than expected.
The good news: People are figuring out how to scale IoT systems at scale, pulling real-time analytics to deliver better healthcare, fleet tracking, and more. That's also the bad news.
It's bad because, as Derek Kravitz and Marshall Allen have detailed, the way sensitive personal data is increasingly being used will almost certainly upset even the most "I bare the buttocks of my life on Facebook" person. While IoT promises a utopian future, we're starting to see some of its dystopian present.
Getting personal in real time
As Avenade's Maria Muller has stressed, "No longer are analytics teams thinking about their daily, weekly, or quarterly reports. The demand for data, and understanding of it, needs to happen in real time." This is particularly true in IoT, which almost by its very nature demands real-time response to external triggers.
This may be even more true in healthcare, where a blood glucose monitor or implanted pacemaker can not only monitor patient health, but react in real-time to keep a heart beating regularly, for example. Over time, device manufacturers will almost certainly increase the range and criticality of such IoT devices, even as we move from "near real-time" to "true real-time."
They'll also keep pushing that data to places most consumers won't want.
Who watches the watchers?
For the price of reimbursement by an insurer, many consumers are shoveling their data to those insurers, among others. Or, as Kravitz and Allen point out, "Children undergoing genetic testing are sometimes outfitted with heart monitors before their diagnosis, increasing the odds that their data is used by insurers."
What about users of continuous positive airway pressure (CPAP) machines? "The data may be transmitted to the makers or suppliers of the machines. Doctors may use it to assess whether the therapy is effective. Health insurers may receive the data to track whether patients are using their CPAP machines as directed. They may refuse to reimburse the costs of the machine if the patient doesn't use it enough."
The day is coming (it may already be here) when someone's medical procedure won't be covered by that insurer because the insurer finds the patient wasn't walking enough, using their blood glucose monitor consistently, or some other infraction. Or, as Rakesh Agrawal has offered, "What's next? If you're involved in a car accident, a lawyer subpoenas your sleep records from the night before." Yes, we have HIPAA to protect patient privacy, but insurers are finding ways to work around this by going directly to our devices.
In theory, patient data can only be used if it's "donated," meaning that the patient consents to its collection and use. Most of us, however, don't fully understand that, as Kravitz and Allen write, our data "... can be packaged and sold for advertising. It can be anonymized and used by customer support and information technology companies. Or it can be shared with health insurers, who may use it to deny reimbursement."
We need better privacy protections from our governments or, at least, we need more vendors to be like Apple and make privacy a top concern.
- Apple's Tim Cook: Our personal data is 'weaponized against us' by you-know-who (ZDNet)
- IoT and the NHS: Why the Internet of Things will create a healthcare revolution (ZDNet)
- Internet of Things (IoT): A cheat sheet (TechRepublic)
- 4 best practices to combat new IoT security threats at the firmware level (TechRepublic)
- Why won't enterprises take IoT security seriously? (TechRepublic)
- Internet of Things policy (Tech Pro Research)