IoT and Governance. It's a game of RISK

Given the sheer number of devices, the data volumes, and the security and networking topologies that result from IoT, it is natural for there to be a lot of questions and legal challenges around governance and privacy. How do I know my data is secure? Where is my data stored? If I lose a device, what happens to data in flight?

The National Fraud Intelligence Bureau has said that 70% of the 230,845 frauds recorded in 2013/2014 included a cyber-element, compared to 40% five years ago. This would indicate that we aren't doing a very good job of protecting the existing internet-enabled devices, so why should we be adding more devices? If we internet-enable our light bulbs and heating systems (Nest, acquired by Google, being a good example) so that we can control them from our mobile phone, can the devices be hacked to tunnel to our mobile phone data?

It is not only the individual consumer who needs to be aware of privacy and governance. Businesses that adopt IoT must also dedicate resources to the legal requirements and implications of IoT enablement. A key aspect of this will be to ensure their internal teams are aligned in relation to IoT and, more specifically, security, data protection and privacy.

More and more, governments and regulatory bodies have IoT in their remit. This includes the EU Commission, which published a report recommending that IoT should be designed from the beginning to meet suitable governance requirements and rights, including the right of deletion, data portability and privacy.

The draft Data Protection Regulation addresses some of these measures including:

  • Privacy by design and default – to ensure that the default position is the least possible accessibility of personal data
  • Consent
  • Profiling – clearer guidelines on when data collected to build a person’s profile can be used lawfully, for example to analyse or predict a particular factor such as a person’s preferences, reliability, location or health
  • Privacy policies
  • Enforcement and sanctions – violations of data privacy obligations could result in fines of up to 5% of annual worldwide turnover or €100m, whichever is greater

The first point above, privacy by design, is unfortunately normally an afterthought. Whilst not a requirement of the Data Protection Act, it makes the compliance exercise much smoother. Taking such an approach brings advantages in building trust and minimizing risk.

IoT presents a number of challenges that must be addressed by European privacy regulators as IoT evolves. It is predicted that the scrutiny of these challenges will increase as the number of devices increases.

Some of the challenges include:

  • Lack of control over the data trajectory path
  • The lack of awareness by the user of the device's capabilities
  • Risk associated with processing data beyond its original scope, especially with advances in predictive and analytic engines
  • Lack of anonymity for users
  • Everyday devices that were previously not a threat becoming open to threat

These challenges share common characteristics, such as control, security and visibility, which make governance of IoT a bigger challenge than expected.

Finally, governance in IoT is expected to follow other technologies. Up to now, the software industry has not had single standards for the complete service portfolio (including cloud), although governments are addressing this. From the geographical standpoint, different regulations are commonplace for different jurisdictions in IT, so IoT is predicted to follow suit.

Published by

deniscanty

DENIS CANTY IS EXCITED TO BEGIN IN JULY 2017 WITH MCKESSON, A FORTUNE 5 COMPANY – AS THEIR SENIOR DIRECTOR OF CYBER SOFTWARE ENGINEERING IN CORK. HIS LAST ROLE (TO JUNE 2017) WAS AS THE LEAD TECHNOLOGIST FOR IOT WITH JOHNSON CONTROLS INNOVATION GROUP BASED IN CORK, IRELAND. THAT ROLE MEANT COLLABORATING EXTENSIVELY BETWEEN HIS TECHNICAL AND SALES TEAMS TO DRIVE FURTHER COMMERCIALISATION OPPORTUNITY THROUGH TECHNOLOGY (BOTH OUR OWN AND PARTNERS/STARTUPS) INTO OUR SALES CHANNELS, SPECIFICALLY LOOKING AT THE EMERGING SMART BUILDING MARKET. THE PROJECTS INCLUDE OUR EXISTING TECHNOLOGIES – BUILDING SECURITY, RETAIL, HVAC AND BUILDING ENERGY – AND EMERGING TECHNOLOGIES SUCH AS IOT, AR AND MACHINE LEARNING. A KEY COMPONENT WAS TAKING KEY INPUT FROM NUMEROUS STAKEHOLDERS AND PROCESSES TO DELIVER ROI FOR CUSTOMERS AND PARTNERS. HE THEN LED THE TEAM TO BUILD AND DEPLOY THE SOLUTIONS IN AN LEAN AGILE MANNER. DENIS SPOKE ON THE NATIONAL AND INTERNATIONAL CIRCUIT FOR JOHNSON CONTROLS AT NUMEROUS TECHNOLOGY CONFERENCES. HIS LEADERSHIP STYLE IS LEADERSHIP THROUGH TRUST AND DELIVERY, AND I TAKE RESPONSIBILITY FOR MY TEAM, COMPASSION AND HUMILITY ARE ALSO IMPORTANT AS A LEADER IN MY OPINION. I LIKE TO BUILD A BALANCED CULTURE, WITH THE PEOPLES PERSONALITIES IMPORTANT INPUTS INTO THAT. DENIS HAS A DEGREE IN ELECTRONIC ENGINEERING (2H) FROM CORK INSTITUTE OF TECHNOLOGY, A MASTERS IN MICROELECTRONIC CHIP DESIGN (1H) FROM UNIVERSITY COLLEGE CORK AND A MASTERS IN COMPUTER SCIENCE (1H) FROM DUBLIN CITY UNIVERSITY. PRIOR TO JOHNSON CONTROLS, DENIS HELD A POSITION OF PRINCIPAL DATA ARCHITECT AND DEVELOPMENT MANAGER WITH EMC FROM 2010 TO 2015, SPENDING 2011 IN SILICON VALLEY. HE LED A TEAM FOCUSED AT REDUCING AND CONSUMING NINE TEST AUTOMATION PLATFORMS FROM EXTERNAL MANUFACTURERS TO ONE EMC CLOUD HOSTED PLATFORM. HE ALSO WORKED ON A NUMBER OF WORKFLOW AUTOMATION SOFTWARE REPLACING TEDIOUS MANUAL EXTRACT, SEARCH AND REPORT COMPILATION THAT RESULTED IN EFFICIENCY GAIN (WRITTEN IN PYTHON). 
I ALSO BUILT PREDICTIVE ANALYTICS APPLICATION IN MANUFACTURING AND DATA SCIENCE MODELS FOR THE CUSTOMER VERTICAL WITH THE CTO OFFICE. DENIS BROUGHT MICROSERVICES BASED DESIGN ALONG WITH DISTRIBUTED STORAGE AND PROCESSING TO THE GROUP, CHANGING THE DEVELOPMENT CULTURE IN THE PROCESS. DENIS WAS ALSO A MEMBER OF EMC’S GLOBAL INNOVATION COUNCIL AND AS AN AMBASSADOR WITH THEIR OFFICE OF THE CTO, LEADING THEIR CUSTOMER INSIGHT SOFTWARE DEVELOPMENT. DENIS WON TWO GLOBAL INNOVATION AWARDS IN HIS TIME WITH EMC, IN THE AREAS OF SUSTAINABILITY AND E-SERVICES, AND HAS A PATENT IN INTELLIGENT POWER MANAGEMENT ON STORAGE ARCHITECTURE. HE ALSO WORKED PREVIOUSLY FOR ALPS AUTOMOTIVE DIVISION FROM 2005-2010, IN A VARIETY OF ROLES, INCLUDING AS THE LEAD COMPUTER VISION ENGINEER, AND THE LEAD TECHNOLOGIST ON EUROPEAN RESEARCH PROJECTS IN THE AREAS OF IN-VEHICLE DISTRACTION MONITORING AND SMART HOME DEVICES. DENIS ALSO SPENT TIME CONSULTING IN THE START-UP WORLD, SUCH AS A HEALTHCARE INFORMATICS CONSULTANT WITH ACE HEALTH, LEADING THE DEVELOPMENT FOR AN APPLICATION WHICH HELPS HEALTHCARE SERVICE PROVIDERS ACHIEVE BETTER PATIENT OUTCOMES AND CUT COSTS THROUGH A REGULATOR-APPROVED PREDICTIVE ANALYTICS PLATFORM IN THE DUTCH AND US MARKETS. HE ALSO HAD HELPED NUMEROUS STARTUPS ON BUILDING THEIR TECHNOLOGY ROADMAP TO ALIGN WITH DEFINED TARGET MARKETS AND CUSTOMER BASES.
