Blog
Digital Trust

Safeguarding Consumer IoT Data: Trust and Privacy

Understand the security implications of IoT devices and learn how BSI is fostering trust to safeguard your personal data.

The expanding world of IoT devices and data security

In the ever-expanding realm of technology and interconnected smart devices, the Internet of Things (IoT) is advancing at a rapid pace.

According to Markets and Markets, the global IoT market revenue exceeded $300 billion in 2021, projected to double by 2026. These devices include consumer products such as smart doorbells, security systems, and smart speakers, are omnipresent in millions of households.

Consumer assumptions and trust challenges

Consumers bring these devices into their homes with the assumption that their data is being held safely and securely. However with an increase in the number of IoT cyberattacks worldwide, it's unsurprising that research from Thales shows an increasing lack of consumer trust across industries to protect their personal data, known as personal identifiable information (PII).

How can consumers feel more confident about the safety of their data, and why does IoT security matter?

Elevating security in the IoT landscape

IoT security helps ensure the confidentiality, integrity and availability of the information stored and transferred between devices, including personal data. As privacy is a pivotal aspect of IoT device purchase decisions, with consumers gravitating towards companies they trust to safeguard their data, it’s important that both security and privacy are addressed in IoT product design.

Consider smart alarm or home security systems, like BSI Kitemark certified Yale Smart Alarms, which operate through connected devices such as smartphones. Operating these devices generates data like time, date, and location, raising questions about data security. The correct handling of this data is essential to prevent potential exposure of consumer PII connected to the device and related security risks.

Without correct handling, the data held could reveal further consumer PII and leave people exposed to risk.

IoT manufacturers' duty of care

Manufacturers of IoT devices bear a responsibility towards the consumers who entrust them. Voice-controlled IoT devices exemplify data storage complexities, especially considering the global reach of these devices and their associated cloud services.

For instance, if a consumer utilizes an IoT device in the UK, their data is safeguarded under the UK GDPR. However, it's worth noting that these devices are often manufactured by global corporations that leverage worldwide cloud services, potentially resulting in data storage across various global locations.

As consumers introduce an IoT device into their homes, they inadvertently introduce the entirety of the company's supply chain and data security framework into their private spaces. This conveys the importance of manufacturers understanding the global implications and interconnectedness associated with IoT devices to deliver on the expected consumer trust.

Key IoT considerations for organizations

Organizations selling and storing consumer data through IoT devices shoulder a responsibility to foster consumer trust. To ensure consumer data and PII safety, organizations should:

Understand applicable privacy rules: Determine the relevant privacy regulations, such as GDPR in the EU, and prioritize consumer protection.
Minimize data gathered: Collect only necessary data to minimize risk.
Secure data: apply appropriate controls when data is collected, transferred or stored.
Anonymize data: Render consumer data anonymous to mitigate data breach risks.

Real data breach risks are a stark reality. IBM's 2023 Cost of Data Breach Report showed that 52% of all breaches involved some form of customer PII. Minimizing data collection and anonymization become critical to upholding consumer privacy.

While accessing such technology entails inherent risks, consumer trust is best served when companies prove themselves as reliable custodians of privacy and data.