IoT privacy shortcomings scrutinised

Many IoT devices used by Australians offer little detail on how people’s personal information is stored and disclosed

Scrutiny of a number of Internet of Things devices and services used by Australians reveal shortcomings when it comes to privacy protections.

Seventy one per cent of a collection of IoT devices used by Australians, assessed as part the global sweep by privacy authorities under the auspices of the Global Privacy Enforcement Network (GPEN), did not offer a privacy policy that explained how data was collected, used and disclosed.

Twenty five data protection authorities participated in the program, including the Office of the Australian Information Commissioner

Other findings released by the OAIC include:

• 71 per cent of devices vendors failed to properly explain how information was stored

• 69 per cent did not adequately explain how customers could delete their information off the device

• 38 per cent failed to include easily identifiable contact details if customers had privacy concerns

• 91 per cent did not advise customers to customise their privacy settings.

“This year’s GPEN sweep has reinforced how important it is for businesses, particularly start-ups, to implement a ‘privacy-by-design’ approach, where strong privacy frameworks and communications are implemented from the beginning,” Australian Privacy Commissioner Timothy Pilgrim said in a statement.

“Strong privacy protections and clear explanations for how personal information is managed helps build consumer trust. It also avoids the costly exercise of building these privacy frameworks later on, most often after something has already gone wrong.”

Join the Computerworld newsletter!

Error: Please check your email address.

Tags Internet of ThingsInternet of Things (IoT)Office of the Australian Information Commissioner (OAIC)privacy

More about

Show Comments