NEW YORK: The ‘Internet of Things’ includes gadgets bought by consumers, as well as business products and services that ‘communicate’ with each other
Guidelines are currently only suggestions firms are encouraged to follow
But, FTC called on Congress to consider legislation to cover data security
One of the biggest concerns about smart household gadgets is how much data they collect and share about users and their home.
And, with this in mind, a US government consumer watchdog has laid out guidelines that call for increased privacy and security across connected devices, for fitness, smart homes and other uses.
At the moment, the guidelines are only suggestions and ‘best practices’ that companies are encouraged to follow, but the agency did call on Congress to consider legislation to cover such data security.
The guidelines were announced by Federal Trade Commission chairwoman Edith Ramirez at the State of the Net conference in Washington.
‘Not only is deeply personal information at stake but as users have more and more devices it means there is more potential for exposure,’ she told attendees.
‘If you want these new technologies to flourish, you want to make sure consumers understand what is happening, understand what is being collected, with whom that information is being shared, how this information is being used.’
As part of the report, the FTC recommends a number of actions.
These include building security into devices at the outset, training employees about the importance of security, adding measures to stop unauthorised people accessing the device or network, and monitoring connected devices and providing security updates as soon as risks are identified.
Last year, the FTC studied 12 mobile fitness apps and found they shared data with 76 separate entities.
Ms Ramirez continued: ‘If I’m wearing a fitness band that tracks how many calories I consume I wouldn’t want to share that data with an insurance company.’
The FTC report made no specific legislative recommendation for IoT but said ‘there appeared to be widespread agreement that companies developing IoT products should implement reasonable security.’
The report added: ‘The Commission recognises this industry is in its relatively early stages [and] does not believe that the privacy and security risks, though real, need to be addressed through IoT-specific legislation at this time.
‘However, while IoT specific-legislation is not needed, Congress should enact general data security legislation.’
