Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How secure are wearables, anyway?

Jen A. Miller | Jan. 14, 2016
Whether you're using that new wearable for yourself or managing IT at a company where fit trackers and smart watches are becoming more popular, wearables just might be the next big bullseye for cybercriminals.

"I'm going to be worried about things like Google Glass and cameras on smartwatches and anything that's either able to record audio or visual," says Mark McCreary, chief privacy officer and partner at Fox Rothschild LLP. "That's your primary concern as far as protecting your own data." 

Even if employees are recording without thinking anything of it (making a goofy video about totally unrelated to work but at work, for example) that video or audio could have sensitive information in it and be uploaded into different places – like a cloud – that are not as secure as your own company's systems. 

"It's about there being multiple copies. It's about not having control of the data," McCreary says. He likens it to employees using Dropbox at home. Copies of the information in that Dropbox are no longer just at work. The same may be true with what wearable are picking up. 

And that's not even getting into people who may come into your company's office with the intention of recording and stealing information (remember, the Target hack happened because of a heating and air conditioning company). It's a lot less obvious that they're doing that if they're a wearable than if they were to take out their phone and hit record. 

In those cases, McCreary says, especially if your company deals with sensitive information, it may be worth banning wearables that have the capability to record entirely in the workplace, or not allowing them in areas where sensitive information is out in the open and being discussed. 

The HR wearable angle

Some companies are giving out tracking devices like Fitbits to their employees as part of wellness programs. While the intention behind that decision might be a good one, Beth Zoller, legal editor at XphertHR, says that it presents possible human resources and legal issues in terms of who gets to see that data. 

"There are invasion of privacy issues," she says, especially if the employer has access to health information of an individual. Every Fitbit except the Zip, for example, records activity but can also record sleep patterns, which an employee may not want an employer to have. 

A company-given wearable also raises issues of what is personal time and what is private time. "There is the risk of employees who are wearing wearable devices that the lines between work and nonworking time is a blur," she says. "The employer might be able to pay overtime." 

She adds that if a device records video or audio, employers need to make sure that they are not accessing information that they do not have privilege to, such as those having to do with union activity, or else they risk running up against the National Labor Relations Act

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.