Privacy has become a major issue around the world. Hopeful presidential candidates, such as Elizabeth Warren, have proposed privacy legislation and European countries are beginning to issue their first judgements based on GDPR violations. Given this evolving environment, the Internet Society participated in a panel on data privacy at the ISC-West conference on 11 April 2019.
The conference was sponsored by ADT, one of the largest home security companies and an Internet Society organizational member. The panel included Frank Cona from ADT, Dylan Gilbert from Public Knowledge, Brandon Board from Resideo, and Kenneth Olmstead from the Internet Society.
The discussion focused on two main themes. The first was that in the data-driven economy, user agency is more important than ever. Users must be able to ask companies what data they have about them and be able to update or delete that data. The second was that companies must put privacy at the forefront of their business practices. Privacy cannot be an afterthought, but must be the starting point.
There was not consensus among panelists regarding whether there will be Federal privacy legislation at some point, but it was clear that the security industry should do its best to implement privacy practices, regardless of regulation. All panelists agreed that privacy can be a market differentiator – it is in companies’ interest to protect their users’ data.
Home security companies, like ADT, are in an interesting position given that the data they can collect is unique. Security systems can monitor who is in the home, when they come and go, and even where they are in the home (among many other data points). The panelists from the industry made it clear that their companies are keenly aware of this and that protecting user privacy given the sensitivity of this data is paramount.
An interesting question from the audience was whether there is a company or organization that offers a “trustmark” of sorts to help companies show that their privacy practices are robust. Here again the consensus of the panel was that no such mark exists at the moment, but it would be helpful to both consumers and companies if it did. It would, in effect, give users information about which companies to trust with their data and help companies communicate to their users that their data privacy practices are effective.
The Internet Society’s position on these issues is clear. Data privacy is extremely important to ensuring trust in the Internet itself. The home security industry relies on the Internet to provide service, and as a result has a vested interest in protecting user data and ensuring that users can be confident their data is safe.
We encourage manufacturers and service providers in the home security industry to follow the principles in our IoT Trust Framework, which outlines security and privacy best practices for devices, mobile apps, and backend services comprising today’s IoT solutions. Working with Consumers International and Mozilla, we recently called on big retailers in the US like Target, Walmart, Best Buy, and Amazon to publicly endorse and apply our minimum security and privacy guidelines and stop selling insecure connected devices. In addition, tomorrow (16 April), we’re releasing our 10th annual Online Trust Audit & Honor Roll, which assesses 1,200 organizations and recognizes excellence in consumer protection, data security and responsible privacy practices. Read more about it tomorrow.