IoT Good Data Practice guide launched

The IoT Alliance Australia (IoTAA) has launched its Good Data Practice: A Guide for Business to Consumer IoT Services for Australia.

The 20-page guide is the result of a major collaborative effort by industry, consumer representatives and regulatory bodies to address consumer-related concerns about business-to-consumer IoT services.

The guide covers what industry participants need to consider when supplying IoT devices and services to consumers.

Gavin Smith, IoTAA chair and president and chairman of Robert Bosch Australia, launched the guide at the Comms Day/Communications Alliance IoT Summit in Sydney.

“The IoTAA is publishing the guide to promote industry and consumer awareness of good practice in dealing with data associated with business-to-consumer IoT services,” Smith said.

“IoTAA believes that industry needs to step up and take responsibility for the inherent risks in Internet of Things services. Providers can rely too heavily on consumers to understand and mitigate risks,” he added.

The guide focuses on measures that IoT providers can take to build consumer trust and understanding of safe use of IoT products and services.

Recommendations include that providers ensure the ‘terms of use’ of their products and services are fair, and clearly expressed, particularly on uses of consumer data and secure use of IoT devices.

Input came from many industry and regulatory bodies, including many members of IoTAA’s Workstream 3: Data Use, Access and Privacy group, plus staff of the ACCC, ACCAN and the Office of the Australian Information Commissioner (OAIC).

“Providers need to build understanding of consumers about good practice in consumer use of IoT and also address security and privacy vulnerabilities in IoT services end to end,” said the chair of IoTAA’s Data Workstream, Peter Leonard.

“Good practice includes providers ensuring that providers and their IoT data partners protect confidential information of businesses and promote privacy and information security.

“These vulnerabilities need to be addressed through good business practices including ensuring data privacy and security by design and default, minimisation of data flows, helping consumers to anticipate risks and understand what they can do to help reduce them, and ‘transparency’ on collections, uses and disclosures of consumer data,” said Leonard.

The guide outlines seven Good Data Practice Principles, dealing with:

• consumer protection;
• accountability;
• customer empowerment;
• cyber protection;
• customer data transparency;
• data minimisation; and
• customer data control.

“Industry and consumers need a better engagement model to ensure IoT services deliver benefits without consumer detriment,” said Leonard.

“Industry can take the lead, but only through good engagement with consumers and regulators and open and frank discussions about how to work together to address and reduce risks.”

Follow us and share on Twitter and Facebook