Handling personal information, a salutary tale from the IOT
Connectivity is a reality, it’s part of our daily lives, and the ‘quantified self’ is a recognised phenomenon, be it through wearable health and activity trackers or your smartphone. The personal information created must be taken seriously, and developers must not only deliver a great user experience but also consider the end user’s privacy.
Failure to take a considered approach can have dramatic consequences – witness the recent news story regarding We-Vibe. The Canadian manufacturer launched a revolutionary adult toy incorporating Bluetooth connectivity that enabled users to control the device remotely with their phone. This was their USP, as it ‘allows couples to keep their flame ignited – together or apart’, but it appears the manufacturer also collected data on users’ habits. A security breach resulted in a class action in an Illinois federal court that ordered the company to pay a total of C$4m to customers whose data was compromised. It seems the poor security within their system allowed third parties access to personal information, or even to control the devices themselves.
This story illustrates how privacy and security must be incorporated into the product development process from the outset to avoid costly and embarrassing (in more ways than one) ramifications once a product gets to market.
This is where medical device thinking is in advance of consumer products. Health information is considered private and privileged, so it is closely regulated, and only the unwary will develop systems and services without considering these regulations, as they have real teeth. The Health Insurance Portability and Accountability Act (HIPAA) in the US governs how medical information is transferred, maintained, secured and utilised; the regulator can fine companies, and company officers can face jail for up to 10 years. In the EU, it is ISO 27001 and the forthcoming European “General Data Protection Regulation” (GDPR) that mandate how personal electronic data is to be managed. The GDPR allows the regulator to impose a maximum fine of 4% of total worldwide annual turnover of the preceding financial year for an offence.
While these penalties are a backstop, as I have mentioned in other articles, regulations and standards are not just inconvenient hurdles but useful sources of information to guide product development. They can be examined and distilled early in the planning process for any connected system across which information is transferred. Complying with the standards is achieved by implementing an effective strategy that ensures the system is designed and tested well.
With the correct handling of personal information the benefits of connected products can be fully realised. Consider for example:
- In the medical arena: Monitoring delivery of a therapy over time and correlating this against outcomes enables more effective interventions. Some are even closing the loop and linking delivery to patient monitoring, in effect updating a prescription in real time, automatically.
- In user studies: The ability to instrument products and investigate how users actually use them as part of their daily lives, combined with the ability to monitor outcomes over extended periods, will allow manufacturers to develop devices that meet user needs more effectively.
- In social media: While some information must always be confidential, in the age of social media many consumers are happy to share much more than you might expect. In sports this enables virtual competitions amongst groups or peers. Possibly a dubious feature for adult toys…
Seriously, each one of these examples can provide demonstrable benefits to both users and businesses, but also the opportunity to violate privacy if the data generated is not handled correctly. The moment data can be tied to an individual, it becomes ‘privileged’ or ‘private’ and must be protected. Anonymisation of data may seem like a simple solution to these concerns – but by itself it will not satisfy the regulations, on two counts:
- Big data techniques are evolving apace with the ability to generate data. Whilst single data elements may be anonymised, analysis and correlation of multiple data streams and sources can be used to identify and ‘re-attach’ anonymised data to individuals.
- Much benefit is lost when the data is no longer tied to an individual because in general, examining usage patterns and interactions can lead to better understanding of user needs and better products.
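The first point above is easy to underestimate: stripping names from a dataset does not stop each record being unique on the attributes that remain. The following is an added example (not code from the article or any product it mentions) that measures this with a k-anonymity check over a constructed sample of “anonymised” activity-tracker exports; the field names and records are invented for illustration. It shows that the raw export still identifies every person uniquely on postcode, birth year and sex, and that coarsening those fields before release removes the unique records.

```python
from collections import Counter
from typing import Dict, Iterable, List, Tuple

Record = Dict[str, str]

# Constructed sample: names and account ids were removed, but full postcode,
# birth year and sex were left in alongside the usage data being shared.
RECORDS: List[Record] = [
    {"postcode": "CB4 1AB", "birth_year": "1984", "sex": "F", "avg_steps": "11200"},
    {"postcode": "CB4 1AC", "birth_year": "1985", "sex": "F", "avg_steps": "4300"},
    {"postcode": "CB4 2ZZ", "birth_year": "1979", "sex": "M", "avg_steps": "9800"},
    {"postcode": "CB4 2YY", "birth_year": "1972", "sex": "M", "avg_steps": "2100"},
    {"postcode": "SW1 1AA", "birth_year": "1990", "sex": "F", "avg_steps": "7600"},
    {"postcode": "SW1 9ZZ", "birth_year": "1993", "sex": "F", "avg_steps": "8800"},
]

# Quasi-identifiers: attributes that are not names but are also present in
# other sources (electoral roll, loyalty cards, social media) and so can be
# used to re-attach a record to a person.
QUASI_IDS: Tuple[str, ...] = ("postcode", "birth_year", "sex")


def _groups(records: Iterable[Record], quasi_ids: Tuple[str, ...]) -> Counter:
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)


def k_anonymity(records: Iterable[Record], quasi_ids: Tuple[str, ...]) -> int:
    """Smallest group size; k == 1 means at least one person is unique and
    re-identifiable by joining with any other dataset holding these fields."""
    groups = _groups(records, quasi_ids)
    return min(groups.values()) if groups else 0


def unique_count(records: Iterable[Record], quasi_ids: Tuple[str, ...]) -> int:
    """Number of records that are alone in their quasi-identifier group."""
    return sum(1 for n in _groups(records, quasi_ids).values() if n == 1)


def generalise(record: Record) -> Record:
    """Coarsen quasi-identifiers before release: keep only the outward postcode
    and reduce the birth year to a decade. The usage data itself is untouched."""
    out = dict(record)
    out["postcode"] = record["postcode"].split()[0]
    out["birth_year"] = record["birth_year"][:3] + "0s"
    return out


def safe_to_release(records: List[Record], quasi_ids: Tuple[str, ...], k_min: int = 2) -> bool:
    """Release gate: every quasi-identifier group must contain at least k_min people."""
    return k_anonymity(records, quasi_ids) >= k_min
```

Run as a pre-release check, `safe_to_release(RECORDS, QUASI_IDS)` is False for the raw export and True for `[generalise(r) for r in RECORDS]`; a larger real dataset would need a higher `k_min` and attention to the sensitive field as well, since a group whose members all share the same usage value still reveals it.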
Ultimately, we believe it is best to embrace the need to handle privileged information in a considered, measured and compliant fashion. This realises the commercial benefits of connected systems, serves as a barrier to entry to those unwilling or unable to take that step in a responsible fashion, and ensures the consumer stays in control whether in the bedroom or not!