jason atchley
John Edwards, Law Technology News
The Internet of Things: A Legal and Professional Minefield
How will a world in which nearly everything can be identified and monitored impact laws and lawyers?
|0 Comments
Get ready for an Internet that connects just about everything on the planet to nearly everything else.
In just a few years, an untold number of interconnected devices—everything from smartphones to irrigation systems to parking meters to vending machines to home refrigerators to medical sensors—will be able to swap data with each other.
The Internet of Things' potential scale involves numbers usually reserved for discussions on the nature of the universe. According to market research firm Gartner, there will be nearly 26 billion devices on the IoT by 2020. ABI Research predicts that more than 30 billion devices will be wirelessly interconnected by 2020.
The IoT's potential benefits include enhanced security, improved environmental monitoring, faster shopping, more effective business and residential security, and better health care. Yet the technology will also pose numerous challenges for lawyers facing an array of new IoT-related legal issues as well as the reality of working within a legal framework reshaped by IoT technology. "IoT devices will completely change the legal playing field," predicts Stephen Treglia, legal counsel to the investigations team at Absolute Software. "With so many more devices providing a doorway to criminals, the security and privacy of such confidential data has never been at greater risk."
Here's a look at some of the top challenges:
Privacy and Security. "In recent years the introduction of bring-your-own device (BYOD) raised serious concerns about mobile devices and data security. But by its very nature the IoT will spawn an even longer list of connected devices, extending this concern beyond traditional end points," Treglia says. "For organizations, the emphasis will be [on] securing network access and any data contained within the network or on the actual device."
Meanwhile, regulators are beginning to examine IoT-related privacy and security issues, focusing on ways businesses and government agencies could use both personal and commercial data collected via the IoT as well as how the technology could be exploited by businesses and individuals for criminal activity. "Of course, there is always concern related to hackers accessing data through unsecured systems as well and, without standards, that risk increases," says Mark McCreary, a partner with Philadelphia's Fox Rothschild whose practice includes privacy compliance as well as data breach management. "Criminals will target these devices not because they want the hardware, but rather because they want the data contained on the device or via the corporate network."
Tort Liability. Who's at fault when an IoT device generates false or misleading data? "We saw this early on with GPS systems driving people into rivers," McCreary says. He notes serious issues could arise if IoT devices misreport the location of individuals or if the reporting doesn't provide correct time-location information. In fact, IoT devices could go haywire in an almost endless number of ways, generating incorrect information related to home, business, medical and other devices. Yet IoT device makers shouldn't face any greater tort liability than today's GPS manufacturers. "Tort liability from the use or sale of items that are connected to the IoT should not be a significant issue as long as the manufacturers do not misrepresent their products," McCreary says.
Data Ownership. Who owns the information when devices interact with each other and collect vast amounts of data? "The answer to this question will depend upon the usage agreement or opt-in information undertaken when someone starts using a device," McCreary says. "That being said, any modern example will have the [information] manufacturer owning the data."
Yet Peter Tran, senior director of the worldwide advanced cyberdefense practice for RSA, the security division of Hopkinton, Mass.-based IT storage company EMC, isn't so sure. He believes that IoT data ownership claims will be an ongoing problem. "There is no easy answer given the immature nature of what potential legal issues may arise," Tran says. "From a security perspective, policy and legislation will need to be established to begin the governance frameworks around device ownership versus data ownership."
Attorney Productivity and Efficiency. The IoT promises both benefits and risks for lawyers. "In terms of device and data availability, the IoT will make us more efficient in our jobs," McCreary says. He notes that with the IoT's help, "evidence can be gathered from devices and cannot be completely destroyed." The IoT also promises to allow lawyers to share more types of information efficiently and virtually instantly, McCreary says.
Yet Treglia warns the IoT will also bring lawyers face to face with a new breed of data security threats. "Client and reputational issues aside, there is a good chance that law firms will be strictly liable for data breaches by the regulatory bodies that oversee corporate," he says. "Depending on the scale and the nature of the breach, financial penalties can be severe. For example, if the firm is handling electronic-protected health information of a health-care-covered entity as its client, the firm is now exposed to the incredibly severe dollar sanctions of the HIPAA/HITECH Act provisions."
John Edwards is a freelance writer based in Arizona. Email: jedwards@gojohnedwards.com.
No comments:
Post a Comment