Privacy and the Internet of Things

Simple steps such as checking how your personal information will be used and shared and turning off Internet-connected devices when you don’t need them can help reduce privacy risks.

Your fitness tracker knows when you’ve skipped your spinning class. Your TV knows you’ve been binge watching old episodes of Friends. Your fridge may soon know that you’re out of milk — and how much ice cream you’ve been eating.

More and more everyday objects are connected through the Internet. Researchers predict there will be 50 billion connected devices active by 2020. These range from simple identification tags to smart meters that track energy use to sensor-equipped cars that can diagnose engine problems and track how fast you drive.

Increased connectivity offers conveniences such as never running out of milk again, but it can also create risks for your privacy.

As the Internet of Things grows, your daily activities and behaviours are increasingly being tracked, measured and analyzed. This raises questions such as: Who will be able to see your information? How will your information be used? What can you do to control how your personal information is used and shared?

Here are some simple tips to help you to protect your privacy while enjoying the benefits of Internet-connected devices.

Tips to protect your privacy: Get in the habit of reading privacy information

  • What personal information is being collected? Does this make sense in light of the service being offered? Is it shared with third parties? Are you comfortable with this? How long is personal data retained?
  • Does the manufacturer state that it follows any security or privacy standards? (A number of organizations, including the International Standards Organization (ISO), the National Institute of Standards and Technology (NIST) and the Online Trust Alliance, have developed industry standards.)If there is no privacy information, this should raise a red flag.  And if you aren’t comfortable with the information you receive from the company, you have the option not to use the product or service.

Take control of your personal information

  • Check whether it is possible to not provide some information and still use the product as intended.
  • If you’re not comfortable with your personal information being shared with third parties for reasons that seem unrelated to using the device (advertising, for example), you should be able to tell the device manufacturer that you don’t want your information used for those purposes and still use the service.

Secure the device

  • Create a guest WiFi network just for Internet of Things devices to keep them separate from your computers and other more secure devices. Ensure the network is password protected — and choose WAP2 when prompted.
  • Change the default password on the device (if there is one, as these are often widely known and easily accessed by hackers). Make sure your passwords are strong, change them regularly and don’t re-use the same password across multiple devices or services.
  • Ensure your home network is secured, for example, with virus protection and firewalls. Additional resources: https://www.priv.gc.ca/en/for-individuals/?WT.mc_id=tel1

Our research paper, The Internet of Things: An introduction to privacy issues with a focus on the retail and home environments, includes more detailed information.