Internet of things, data security and privacy

I’ve been attending the 36th International Conference of Privacy and Data Commissioners in Mauritius, presenting on the Internet of Things (IoT) privacy and security to the attendees.

Kate Carruthers
Pic of Kate Carruthers by John Edwards, NZ Privacy Commissioner

It has made me very conscious of the tension between privacy/security and the drive to bring products to market quickly.

Further, it seems that the challenges of data protection have not been fully considered for many Internet of Things products and services.

An important realisation has been that we are building the Internet of Things on the somewhat rickety security foundations provided by the existing internet. We face a situation where many devices cannot apply security patches because source code is not available.

Finding way to build a safer and more secure Internet of Things and to ensure that we do not increase risk for business and consumers is critical.

An interesting approach to privacy is that taken by the Apple privacy team, who had some people in attendance at the conference. Their inclusion of privacy engineers into development teams seems like a good approach. The idea of privacy by design seems like a useful and pragmatic way to ensure that privacy is not a mere afterthought in the design and product engineering process.

Will post my slides on SlideShare shortly.

Author: Kate Carruthers

Kate Carruthers is Chief Data & Insights Officer for UNSW Sydney, and is also an Adjunct Senior Lecturer in the School of Computer Science & Engineering. She is certified in information security and is currently undertaking postgraduate studies terrorism and security. Kate has extensive experience in senior roles in ICT, marketing, data and digital; and is a member of the NSW Government’s Data Analytics Centre Advisory Board. Kate is currently working at the intersection of data analytics, AI, ML, privacy, cyber security, and data protection.