Aussies Encouraged To Consider IoT Risks Following Global Sweep
A global sweep of IoT products has revealed that 71 per cent of devices and services used by Australians fell short on explaining how personal information is used.
It was found that these devices and services did not provide a privacy policy and notices to adequately explain how personal information is collected, used and disclosed.
The results have today been released by the Australian Privacy Commissioner along with fellow international regulators through the Global Privacy Enforcement Network (GPEN).
The 26 privacy enforcement authorities making up GPEN examined the privacy policies of over 300 businesses, including 45 used daily by Australian consumers, from around the world.
Among the Australian report’s findings are that: 71 per cent failed to properly explain how information was stored, and 69 per cent did not adequately explain how customers could delete their information off the device.
It also found that 38 per cent failed to include easily identifiable contact details if customers had privacy concerns, and 91 per cent did not advise customers to customise their privacy settings.
“The Internet of Things allows for some great products and entertainment, but many of us have adopted this technology into our everyday lives without considering how much of our personal information is being captured or what happens to that information,” Australian privacy commissioner Timothy Pilgrim commented.
“Remember, for an Internet of Things device to work for you it needs to know about you, so you should know what information is being collected and where it is going.
“I encourage all Australians to look for privacy policies before you decide to use a device, and ensure you are comfortable with what information is being collected and how it is being managed.”
Pilgrim found that the Australian businesses assessed generally lacked clear customer information about how their personal information was being managed, while more than half failed to adequately explain how information was collected, used and disclosed.
“This year’s GPEN sweep has reinforced how important it is for businesses, particularly start-ups, to implement a ‘privacy-by-design’ approach, where strong privacy frameworks and communications are implemented from the beginning,” he commented.
“Strong privacy protections and clear explanations for how personal information is managed helps build consumer trust. It also avoids the costly exercise of building these privacy frameworks later on, most often after something has already gone wrong.”