Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: IoT

Posted in Consumer Privacy

NTIA Commences Internet of Things Proceeding

On April 5, 2016, the National Telecommunications and Information Administration initiated an inquiry to review the potential benefits and challenges presented by the Internet of Things. In its Notice and request for public comment (RFC), NTIA is seeking input on the current IoT technological and policy landscape with a goal of developing recommendations—in the form of a Green Paper—as to whether and how the federal government should play a role in fostering the advancement of IoT technologies.

Posted in News & Events

April 2016 Privacy and Cybersecurity Events

Please join us for our April 2016 Privacy and Cybersecurity Events, including discussions on the Internet of Things, big data in healthcare, the Telephone Consumer Protection Act, international data flows, and more.

Posted in Consumer Privacy

Principles to Consider for your IoT Privacy and Security Program

Fifteen months after forming an Internet of Things working group, on March 2, 2016, the Online Trust Alliance released a final version of its IoT Framework along with a companion Resource Guide that provides explanations and additional resources. The voluntary Framework sets forth thirty suggested guidelines that provide criteria for designing privacy, security, and sustainability into connected devices. The creation of the OTA IoT principles represents a potential starting point for achieving privacy- and security-protective innovation for IoT devices.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FTC Says Listen Up When Vulnerability Reports Come In

The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek. In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS misrepresented its security practices and failed to reasonably secure its router software, citing the company’s alleged failure to address vulnerability reports as one of the Commission’s primary concerns. The settlement reiterates the warnings contained in the FTC’s recent Start with Security Guide and prior settlements with HTC America and Fandango: the FTC expects companies to implement adequate processes for receiving and addressing security vulnerability reports within a reasonable time.

Posted in Cybersecurity & Data Breaches

Privacy, Security, and IoT Prominent Themes at Silicon Flatirons DBM Conference

On January 31, 2016, the Silicon Flatirons Center for Law, Technology, and Entrepreneurship at the University of Colorado hosted its annual Digital Broadband Migration Symposium. The theme of this year’s conference was “The Evolving Industry Structure of the Digital Broadband Landscape.” The two-day conference brought together an array of leaders from government, academia, and industry to examine the role of regulatory oversight, antitrust law, and intellectual property policy in regulating industry structure and to discuss what policy reforms may be appropriate for the constantly changing digital broadband environment. As outlined below, a recurring topic throughout this year’s conference was the relationship between privacy, security, and the evolving digital landscape.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

Online Trust Alliance Releases Internet of Things Trust Framework

One of the most common devices in the emerging Internet of Things (IoT) was reportedly discovered to have a bug. According to the research firm Fortinet, a popular fitness tracker was vulnerable to wireless attacks through its unsecured Bluetooth port. A savvy attacker could install malware wirelessly within ten seconds—simply by coming within a few feet of the tracker. When the device’s owner returned home to sync daily activity with a computer, the malware could, in principle, infect the computer as well.

Posted in International/EU Privacy

CNIL Head of Compliance Explains Approach on Connected Devices, Including Smart Meters

Speaking at a recent conference organized jointly by AmCham and EY on “the Internet of Things, Opportunities and Challenges for the Protection of Personal Data”, Sophie Nerbonne, Head of Compliance at the French data protection authority explained how the CNIL views the opportunities and risks raised by connected devices, focusing particularly on smart meters as a scheme that may apply to other devices.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

NIST Releases Draft Framework on the Internet of Things

The National Institute of Standards and Technology released the draft Framework for Cyber-Physical Systems on September 18. The Framework is intended to serve as a common blueprint for the development of safe, secure, and interoperable systems as varied as smart energy grids, wearable devices, and connected cars. The NIST Cyber-Physical Systems Public Working Group developed the draft document over the past year with input from several hundred experts from industry, academia, and government. NIST will be accepting public comment on the draft for the next 45 days.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

NIST Tackles Cybersecurity in the Smart City

After the recent release of the discussion draft of its Framework for Cyber-Physical Systems, the National Institute for Standards and Technology has continued its push to facilitate the development of a more secure interconnected environment by convening a workshop on cybersecurity for smart cities. Co-hosted by the Cyber Security Research Alliance and titled “Designed-in Cybersecurity for Smart Cities: A Discussion of Unifying Architectures, Standards, Lessons Learned and R&D Strategies,” the workshop brought together representatives of government, industry, and academia to discuss how cybersecurity and privacy might be designed into the infrastructure of smart cities.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

NIST Releases Discussion Draft on Cyber-Physical Systems Framework

This week, the National Institute of Standards and Technology released a preliminary discussion draft of its Framework for Cyber-Physical Systems. The draft has an ambitious goal: to create an integrated framework of standards that will form the blueprint for the creation of a massive interoperable network of cyber-physical systems (CPS), also known as the “Internet of Things.” In 2014, NIST established the cyber-physical systems public working group (CPS PWG)—an open public forum which includes representatives from government, industry, and academia—to develop the CPS framework. By creating a common framework at an early stage of the Internet of Things, the CPS PWG hopes to ensure the development of a secure, integrated, and interoperable ecosystem of connected devices. The CPS PWG will continue to solicit input as it refines the draft and works to finalize the framework for use in multiple industry sectors.

Posted in Consumer Privacy

New Paper Considers Privacy Paradigm for Internet of Things

  A new paper published by the Future of Privacy Forum examines the appropriate privacy paradigm for the world of the Internet of Things.  The paper was co-authored by Hogan Lovells Privacy and Information Management practice leader Christopher Wolf who also is the founder and co-chair of the Future of Privacy Forum (with co-author Jules Polonetsky).  The […]