"I like it private but not too private" was the way Carsten Casper, Gartner's managing VP opened his talk this morning at the 2015 Gartner Security and Risk Management Summit. The talk, titled 'Privacy and The Internet of things: How to Avoid Crossing The Creepy Line,' dealt with growing tension between the expanding capacity for data collection via the internet of things and the need to respect consumer privacy.
Casper made It plain that while the Internet of Things (IoT) provides companies with new ways to collect and exploit information, that opportunity comes with considerable risks too. London's smart bins which collected the data of passing mobile phones were met with suspicion and open hostility when revealed to the public and firms appear to be taking on the lesson of crossing that "creepy line." According to the Gartner 2015 Risk and Security Survey, 45 percent of surveyed firms were concerned about the reputational damage that data collection through IoT could bring.
Casper reminds us that there is, of course the inverse risk; being too cautious and missing out on potential market share. The survey also shows that 32 percent of firms are concerned about getting fined for corporate non-compliance with privacy laws. He warns against the use of "redundant infrastructure to comply with national privacy laws."
So where does the "creepy line" lie? Well, Casper tells us that it can depend on the age of the consumer. For "those who lived through the (Berlin) wall," privacy might be sacrosanct and all data collection might appear to them as obtrusive. However, if you are "marketing to digital natives who have grown up with this technology" then they will probably be more receptive to benign data collection.
And how to avoid crossing the line? Casper says: "This is not a job for the information security officer alone," it's a job for management too. By shifting this responsibility from an individual to the organisation, firms might avoid risk. Transparency is the key: Above all, by being transparent, being honest with customers and keeping the "creepy line" in mind, firms can handily avoid crossing it.