Aussie IoT firms get a fail mark for privacy

By

Global sweep picks up widespread shortcomings.

The Office of the Australian Information Commissioner says 71 percent of all privacy policies offered by the makers of ‘internet of things’ devices used in Australia fail basic requirements demanded by privacy law.

Aussie IoT firms get a fail mark for privacy

The regulator has joined 26 other privacy authorities from the Global Privacy Enforcement Network to contribute to a worldwide sweep of privacy guidance made available by 314 IoT companies - 45 of which are operating in Australia.

The survey - which was conducted between 11 and 15 April this year - found that policies are overwhelmingly generic rather than device specific; are vague, unhelpful and in some cases failed to recognise sensitive activity data like steps and calories burned as personal information.

The IoT industry has boomed in recent years, with the increasing popularity of sensor-driven wearables like fitness trackers, plus home devices and even children’s toys.

But Australian Privacy Commissioner Timothy Pilgrim has warned “many of us have adopted this technology into our everyday lives without considering how much of our personal information is being captured or what happens to that information”.

“Strong privacy protections and clear explanations for how personal information is managed helps build consumer trust. It also avoids the costly exercise of building these privacy frameworks later on, most often after something has already gone wrong,” he said.

On the local front, the OAIC found:

  • 71 percent of companies did not disclose how personal data would be stored, and some failed to even specify what they collected
  • 27 percent did not say whether they shared personal information with third parties
  • 44 percent did not detail how personal data would be safeguarded
  • 38 percent didn’t supply contact details if customers had outstanding privacy concerns
  • 93 percent did not tell users how to wipe devices remotely if they are lost or stolen

Globally, an average of 68 percent of vendor privacy policies failed the basic test of informing a customer how their personal information is collected, used and disclosed.

The Global Privacy Enforcement Network is an interjurisdictional consortium of privacy regulators formed under the umbrella of the OECD.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
internet of thingsiotoaicprivacystrategytimothy pilgrim

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

Vic firefighters doing battle with IT outages

Vic firefighters doing battle with IT outages
Transport for NSW restructures tech division

Transport for NSW restructures tech division
CSC to buy UXC for $428m

CSC to buy UXC for $428m
Lockheed Martin's IT business nears $7bn sale

Lockheed Martin's IT business nears $7bn sale
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?