How to Protect Wearable Device Data
New Report Offers Best Practices for Ensuring Privacy
The manufacturers of wearable health devices should incorporate key privacy and security best practices into the research and development of their products to ensure personal data is adequately protected, especially when it's shared with others, says privacy advocate Michelle De Mooy of the Center for Democracy & Technology.
De Mooy is co-author of a new report that CDT jointly developed with wearable device maker Fitbit. The report aims to establish voluntary industry guidelines for "privacy-protective and ethical internal research procedures" for wearable technology companies.
Recommendations focus on several key themes, including the idea that user expectations for data privacy should guide consent requirements, as well as security protocols, for wearable device data shared with others.
The concept of "individual digital dignity" should guide companies in how they use data, De Mooy says in an interview with Information Security Media Group.
"For example, somebody's expectations for how [their] data will be used should guide when you should ask them for consent," she says. "That might be intuitive to some of us, but that's not what is happening at a lot of wearable or tech companies in general."
The concept of "data stewardship" is another important element in the privacy and security practices of device manufacturers, she says.
"Companies, especially in health and wellness, are just not data repositories. ... We want them to see themselves as data stewards - and part of being a data steward is making sure that the practices and policies they implement are formalized, sustainable ... and also give people access to their data."
It's also important for individual consumers to consider privacy and security before using wearable devices or any of the related applications that work with these products, she says. That includes privacy considerations related to sharing device-generated data on social media sites or with employee wellness programs or healthcare providers.
For instance, individuals need to consider how much information from their wearable devices they feel comfortable sharing - and then choose privacy settings carefully.
In the interview, De Mooy also discusses:
- Top privacy and security concerns involving wearable health devices;
- Why these devices do not generally fall under the regulatory scrutiny of the Department of Health and Human Services' Office for Civil Rights or the Food and Drug Administration;
- Other steps that device manufacturers and consumers can take to help protect the privacy and security of data.
De Mooy is deputy director, privacy and data project at the Center for Democracy & Technology, a nonprofit advocacy organization that works to promote democratic values by shaping technology policy and architecture. There, she advocates for data privacy rights and protections in legislation and regulation, works closely with industry and other stakeholders to investigate good data practices and controls, and identifies and researches emerging technology that impacts personal privacy. She leads CDT's Health Privacy Working Group.