The staff of the Federal Trade Commission in a report recommends best practice measures to enhance and protect consumers’ privacy and security, to deal with the Internet of Things in America. The FTC report found that connected devices including connected cars raise numerous privacy and security concerns that could undermine consumer confidence.
The report is partly based on input from leading technologists and academics, industry representatives, consumer advocates and others who participated in the FTC’s Internet of Things workshop held in Washington D.C. Security was one of the main topics addressed at the workshop and in the comments, particularly due to the highly networked nature of the devices. The report includes the following recommendations for companies developing Internet of Things devices:
- Build security into devices from the start,
- Train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization.
- Ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers.
- When a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk.
- Consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network.
- Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.
Commission staff also recommend that companies consider data minimization – that is, limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely.