How Does Mobile and Wearable Tech Affect Your Big Data Privacy Policies?

Just about the time you think you’ve got a handle on securing the data and providing privacy for your customers, vendors, and others on whom you hold sensitive information, wearable technology enters the picture, delivering an entirely new stream of data and privacy issues. By nature, the data collected by wearable technology is intensely personal.

Much of the popular wearable tech holds GPS data (where a person goes, when, etc.) as well as personal information like their lifestyles and habits and even their personal health. This ups the ante regarding privacy. What does your IT department need to know as wearable tech becomes mainstream?

What Mobile and Wearable Tech Bring to the Privacy Discussion

Studies show that consumers are indeed concerned about the data collected on them, but they are also keenly aware of how multiple data sets can be pieced together and analyzed to create a unique and highly personal view into their lifestyles.

Some of these devices can record their voices, recognize their faces among crowds, and piece these data sets with other information, such as the places they frequent and people they are around. Additionally, some apps gather sensitive data on the individual’s health and lifestyles. Could insurance companies use this information to bump their rates? Could doctors use it to deny their access to certain medications or clinical trials?

When Your Current Policies and Procedures Might Not Be Enough

Consumers are also aware that even though they’ve agreed to share their information with one entity (such as their bank or personal trainer), that this information can be passed along to an unknown third party. Indeed, in many cases, the cursory privacy policies you adopted and have users agree to upon downloading an app might not be sufficient for the amount and types of data the device and apps are capable of gleaning on a person.

One example is wearable tech that gathers medical information. A user’s heart rate might not be covered under HIPAA regulations, so collecting and holding that information isn’t usually a problem. However, once this information is shared with a medical professional, it becomes a part of that customers’ legal health record, and therefore becomes protected by HIPAA.

So, if your app gathers this data and passes it to a health professional for monitoring or advice, your business and data now become subject to HIPAA law. There are other instances when the data you gather becomes regulated differently according to what you’re collecting, where the data is sent or stored, and how it is analyzed in relation to other data on that individual. Netflix learned this when they lost a lawsuit regarding privately viewed shows and movies were made public.

Steps to Take to Improve Consumer Privacy

What can you do to assure you’re complying with all applicable (and potentially applicable) laws and maintaining the trust consumers have placed in your brand?

• Don’t collect data if you don’t have a purpose for it.

• Delete data after analysis if there is no need to keep it.

• Consider carefully what third parties you share data with.

• Use strong encryption in data storage and during data transfer and analysis.

• Use multi-factor authentication to assure no one who shouldn’t access the data does so.

It’s an excellent idea to keep legal council on hand to discuss what data to collect when developing mobile and wearable tech and apps, as well as what regulations the data is subject to and what privacy policies you need to use for consumer consent when collecting data. When it comes to consumer data and regulations, there is no such thing as being too safe.