Privacy First for Security Companies

Privacy has become a major issue around the world. Hopeful
presidential candidates, such as Elizabeth Warren, have proposed privacy
legislation and European countries are beginning to issue their first
judgements based on GDPR violations. Given this evolving environment, the
Internet Society participated in a panel on data privacy at the ISC-West
conference on 11 April 2019.

The conference was sponsored by ADT, one of the largest home
security companies and an Internet Society organizational member. The panel
included Frank Cona from ADT, Dylan Gilbert from Public Knowledge, Brandon Board
from Resideo, and Kenneth Olmstead from the Internet Society.

The discussion focused on two main themes. The first was
that in the data-driven economy, user agency is more important than ever. Users
must be able to ask companies what data they have about them and be able to
update or delete that data. The second was that companies must put privacy at
the forefront of their business practices. Privacy cannot be an afterthought,
but must be the starting point.

There was not consensus among panelists regarding whether
there will be Federal privacy legislation at some point, but it was clear that the
security industry should do its best to implement privacy practices, regardless
of regulation. All panelists agreed that privacy can be a market differentiator
– it is in companies’ interest to protect their users’ data.

Home security companies, like ADT, are in an interesting
position given that the data they can collect is unique. Security systems can
monitor who is in the home, when they come and go, and even where they are in
the home (among many other data points). The panelists from the industry made
it clear that their companies are keenly aware of this and that protecting user
privacy given the sensitivity of this data is paramount.

An interesting question from the audience was whether there
is a company or organization that offers a “trustmark” of sorts to help
companies show that their privacy practices are robust. Here again the
consensus of the panel was that no such mark exists at the moment, but it would
be helpful to both consumers and companies if it did. It would, in effect, give
users information about which companies to trust with their data and help
companies communicate to their users that their data privacy practices are
effective.

The Internet Society’s position on these issues is clear.
Data privacy is extremely important to ensuring trust in the Internet itself.
The home security industry relies on the Internet to provide  service, and as a result has a vested
interest in protecting user data and ensuring that users can be confident their
data is safe.

We encourage manufacturers and service providers in the home
security industry to follow the principles in our IoT Trust Framework,
which outlines security and privacy best practices for devices, mobile apps,
and backend services comprising today’s IoT solutions.  Working with Consumers International and
Mozilla, we recently called on big
retailers in the US like Target, Walmart, Best Buy, and Amazon to publicly
endorse and apply
our minimum security and privacy guidelines and stop selling insecure connected
devices
. In addition, tomorrow (16
April), we’re releasing our 10th
annual Online Trust Audit & Honor Roll
, which assesses 1,200
organizations and recognizes excellence in consumer protection, data security
and responsible privacy practices. Read more about it tomorrow.

The post Privacy First for Security Companies appeared first on Internet Society.