Six things you need to know about IoT security


The its smart TV owner data. As outlined in a recent IEEE IoT newsletter, good transparency principles aren’t exclusive to IoT, but require understanding that privacy threats in an IoT system are unique and require transparent disclosure related to three inputs:

  • Personal data collected or generated
  • Data actions performed on that information
  • The context surrounding the collection, generation, processing, disclosure, and retention of this personal data

This isn’t only a question of a company doing right by its consumer base. For example, (GDPR) in Europe seeks verifiable consumer agreement to how each of these three inputs are managed via notice and consent. In general, it’s best to state your data collection practices, as well as privacy, security, and support policies, in an easily discoverable location on your company website, which can be reviewed prior to purchase or service opt-in. Further, disclose what and how features will fail to function if users decline to consent.