If you care enough about privacy issues to be a regular reader of this blog, you probably know that one of the Big Changes under GDPR will be the introduction of “accountability” as a legal obligation, i.e. it will now be a requirement that a data controller is able to demonstrate its compliance with the principles relating to processing of personal data set out in Article 5 of the GDPR. You may even have started thinking about what this means for your organisation: how are you going to get your development teams to adopt privacy by design and default? What are you doing about data minimisation? Do you apply appropriate levels of encryption to your personal data? In our ever-more digitally driven world, it’s easy to get caught up in the sophisticated stuff, but a recent UK ICO decision reminds us that accountability is about the simple stuff as well. Which brings us to filing cabinets.
The Federal Trade Commission yesterday released its staff report on the Internet of Things. The report summarizes the FTC’s November 2013 workshop, “The Internet of Things: Privacy and Security in a Connected World,” and provides FTC staff recommendations in this area. Notably, the report also describes best practices for data security and data minimization, and reaffirms the FTC’s commitment to notice and choice principles. We provide below an overview of the staff’s recommendations and the concurring and dissenting views of Commissioners Ohlhausen and Wright.