Let’s take a moment to think about the connected devices you use in your home and at your workplace. There are probably at least a couple of computers, several smartphones, printers, a server and one or two other ‘things’ on your list. Many of us are using the same devices for leisure and work activities. For example, you might log onto a home computer to access work files and email. And you probably have personal photos saved on a work computer and even use them as your screen saver.
And as we’ve seen with gadgets like Google Nest and the Apple Watch, it’s no longer just the computer ‘stuff’ that holds our information and connects to the web. More and more appliances and other goods are getting smarter. What about your TV? Or your set-top box? Central heating system? Music system? Camera? Washing machine? Your kettle? Seriously, these are available. And each connected ‘thing’ is likely to contain at least a network ID and password, along with a host of other personal or professional information about the user.
But as sophisticated and hyper connected these ‘Internet of Things’ gadgets are and as exceptional as they make the customer experience, they also pose serious problems to data privacy. First, if consumers don’t feel they can trust smart products, they won’t invest in them or use them to their full potential. According to recent WRAP research, two thirds of households in the UK were concerned about someone gaining access to their personal data if they resold a laptop or smartphone to a retailer. Second, if consumers don’t know how to remove data properly from their products and devices, they’re not going to be as inclined or comfortable re-purposing them for reuse or recycling. And third, it brings up the issue of timeliness. We need to address these issues now to make certain that we can protect our customers and their personal and professional data.
We need to accept that we’ve already given consumers dozens of new ways and hundreds – if not thousands – of new places to store old data. But many people won’t yet understand this concept or the consequences of it because they’re already using those products and services. For businesses that sell products or services to consumers, it’s your job to inform and educate consumers to understand the different types of data that could be vulnerable, the many places (both physical and virtual) where their data is stored, why customer experience and data privacy don’t have to be mutually exclusive and why it’s important to remove outdated and irrelevant information when those products or services are no longer used. Here are some ways we can make this change happen.
Design technology for eradication.
First of all, we need to create the types of technologies and products that lend themselves to adequate data eradication. A recent study by Mellings and Blyth indicated that some smartphone platforms gave a reasonable level of data protection when a “factory reset” was performed, but that other devices could not. A further study by Simon and Anderson at the University of Cambridge indicates how many products could present a security threat through old data recovery on retired devices.
Simple product and operating system design principles on smart devices would let a customer remove all data with reasonable assurance that common attack methods can not succeed. How can experts in data protection and eradication help product designers do this? By working with chip designers and manufacturers, it will be possible to build eradication protocols directly into operating system designs.
Provide better education and support to help customers manage and remove their data responsibly.
The majority of industry discussions about data security focus on government and corporate security. As a result, standards tend to be focused on commercial products and legal certification. We need a new approach that includes smaller businesses and organizations as well as consumers.
Education needs to be the starting point for both businesses and consumers. And from there, that education needs to then be filtered through to the entire customer support experience that businesses offer. It should be easy for consumers to ask for businesses to provide written proof of the technologies and IT security protocols in place to manage their personal information. We need to work together on these actions to provide our customers with the data protection they deserve.
This is just the beginning of the conversation. We need to remember this isn’t an issue that can be solved in a single day. It will take a lot of time, many different minds from different perspectives, and even more collaboration to help both businesses and consumers responsibly manage old and new data.