In this IoT environment, CIOs cannot abdicate all legal considerations related to big data and newer technologies to their firms' legal counsel. Instead, they must be aware of security, data privacy, legal, and regulatory implications when leveraging sensors and IoT applications as well as digital data streams.
Many aspects of IoT will make information security harder. For example, intrinsically distributed devices increase vulnerability to physical attacks as well as all of the typical methods of compromising software. But connected relationships inherent in IoT have further implications for security. Not only does IoT increase the number of relationships organizations must manage, it also increases the number of relationships that require mutual trust. If organizations are interdependent, then weaknesses in one affect many others. In an interdependent ecosystem of data, getting value from data depends on its accuracy. Does the absence of washing machine telemetry mean that no one is doing laundry or that a partner is no longer sending data? Can self-serving partners spoof usage data, leading to incorrect revenue sharing? Can competitors eavesdrop on or manipulate data passing through multiple networks that WASH does not control? Has inaccurate analysis led to systematically incorrect pricing that will affect revenue and customer satisfaction for everyone?
Asking the right questions can make the difference between significant liabilities and competitive advantage. Matt Mousley, partner at DuaneMorris, at a recent Advanced Practices Council meeting, provided some questions to consider when providing or purchasing an IoT-related product or service:
Who is providing each layer of the back-end service?
Where is the provider located?
What does the provider provide and get?
What contractual terms apply to each layer?
What standards of data security apply at each layer?
What standards of data privacy apply at each layer?