Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

On the Twelfth Day of Privacy, My True Love Gave to Me …. 12 Different Types of Wearables!

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

And what will that new gadget be spilling about you??

 Written by Julia Siripurapu, CIPP

There is no doubt that wearable devices are among the hottest gifts of the season! From fitness bands and smart watches to wearable cameras and the Google Glass, there is definitely someone on your list (including you!) who may benefit from a wearable gadget. While wearable technology has great potential to improve our lifestyle, health, and even work productivity, it also causes concern for current and future users.

A recent PricewaterhouseCoopers study on wearable technology that surveyed 1,000 consumers and individuals working in the wearable tech industry over a period of several months reported that about 1 in 5 American adults own a wearable device and that “this year, if estimates hold, the wearable tech industry is expected to ship 19 million devices, from smartwatches and headsets to activity trackers.” According to the study, while price is the primary factor preventing broader adoption of wearable technology, privacy and security of personal information are at the top of consumers’ list of concerns about wearable devices.

So before you fire up that wearable gadget, here are some things you should keep in mind:

 

  1. Be aware of what personal data is collected by your wearable gadget.  The default privacy settings of a wearable device typically enable all of the features of the device which may lead to unwanted information collection and sharing. For example, a fitness band like Fitbit allows you to share fitness goals with friends who are also Fitbit users by giving the device provider access to your smart phone’s contact list, to send status updates to your Facebook account, to share data with an employer as a part of an employer wellness program, and when you enable location features, your running location data is displayed on a map. For a detailed discussion of privacy concerns related to location data please see our prior blog post here. So check those privacy settings and, if you want to limit the amount of information collected through your wearable device, manage your privacy settings and consider switching off the device when not in active use.
  2. Understand how your personal data is used and shared.  While we agree that many privacy policies and terms of use for wearable devices are far from clear and straightforward, you should be informed of how your data is used, whom it is shared with, and who has access to it. Earlier this year, Senator Chuck Schumer (D-New York) warned consumers that fitness device companies like Fitbit could sell their personal information collected via the fitness bands to third parties without consent and urged the Federal Trade Commission to require the fitness device companies  to revise their privacy policies to clearly explain to users how their data is used and give them the right to opt-out before their data is shared with third parties.  
  3. Keep security threats in mind.  As with any emerging technology, wearable devices are prone to new security threats and vulnerabilities that are not yet well understood.  Given the vast amount of information that can be collected from your wearable gadget and the heightened possibility for security flaws, be mindful and beware of how much information you make available through that gadget. For example, your running activity tracked by a fitness band (which may include your exact location) reveals when you are not at home and could make your home that much more vulnerable for a break-in.

As the adoption rate of wearable devices increases, employers must revisit their BYOD policies to accommodate wearable tech and account for the challenges and risks that come along with these gadgets, such as data leakage and network security vulnerabilities. We tackled this topic in a prior blog post over the summer, so please click here for an in-depth discussion of wearable devices in the workplace.

There is no doubt that this is just the beginning of wearable tech and we expect to see a lot of action in this space in 2015, both in terms of technology development and regulatory monitoring.

PricewaterhouseCoopers stated in the study mentioned above, that their “research shows that there is a wearable future around the corner, it’s more immediate than we think-and it can dramatically reshape the way we live and do business.” Both tech giants and venture capital firms are certainly focused on this market and are making investments in further development not only on the consumer front but also on the enterprise front.

Lawmakers are also going to keep tabs on wearable tech in 2015! Chairwoman Edith Ramirez told POLITICO in September that “the Federal Trade Commission is worried about consumer-generated health data” and “reiterated a call she has made since 2012 for Congress to pass baseline privacy legislation that would cover wearables and consumer health data.” While recognizing that “wearable devices can help consumers stay fit and healthy” Chairman Ramirez also stated that “as these devices become more popular, it’s especially important that they keep our health information private and secure.”

Happy Holidays to all and wishes for a breach-free New Year!