*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by Dave Whitelegg. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/Eb-nbGh_BYE/how-safe-and-secure-are-wearables.html
The ‘wearable technology’ market has been exponentially growing in recent years and is expected to exceed 830 million devices by 2020. One of the key drivers pushing this rapid expansion are fitness trackers, namely wristband tech and smartwatch apps which monitors our daily activity and health. But as we integrate wearables devices seamlessly into our everyday lives, what are the privacy and security risks they pose? How should wearable manufacturers and app developers be protecting consumers?
Insurance company Vitality offers customers a heavily discounted Apple Watch to customers in return for their fitness routines and health data, the more activity you do each month, the greater your reward through a monthly discount. While this exchange of information for rewards provides a great incentive for consumers to improve their health, the personal data consumers are sharing in return has a tangible value for the insurance company. However, providing an insurance company with a daily data breakdown of one’s health is an unacceptable tradeoff for some, regarding such a practice as an invasion of their privacy.
As of May 2018, all EU citizen’s privacy rights are legally protected by the General Data Protection Regulation (GDPR). GDPR compliance is required by all companies which process EU citizen data, including those based outside of the European Union. The privacy regulation requires wearable device and app providers to obtain each EU citizen’s explicit consent before collecting their personal information, they must also clearly explain what types of personal information they intend to collect, how they intend to use the data, and inform consumers about any other organisation they intend to share their data with. If they don’t, wearable tech firms and app providers should brace themselves for heavy fines by European Information Commissioners.
For further details about the GDPR requirements and for Wearables Software Development Security Advice, read my IBM developerWorks 3 part guidance “A developer’s guide to the GDPR” and my Combating IoT Cyber Threats
Wearable personal data is also of value to hackers and criminals, for instance, your fitness routine provides a clear picture of the best times to burglarise your home. With personal consumer data potentially at stake, fitness wearable manufacturers should incorporate both default privacy and security standards into the infrastructure of the device, to help ensure personal information remains safeguarded from known and future cyber threats. UL, a global safety science company, has developed testing for cybersecurity threats and offers security verification processes to assist manufacturers in assessing security risks and helping mitigate them before the product even goes to market. If the industry takes these steps, wearable consumers will feel safe and secure as they reap the intended benefits of this new innovation, while the wearables industry will be well positioned to meet the promise of its growth projections.