By Aaron Weller, Al Sweeny, Brad Chin and Radhika Srivastava of PwC
There is a lot of anticipation, investor excitement, and hype regarding the potential benefits of the Internet of Things (IoT), as often happens with transformational products at the start of their adoption cycle. Beyond just getting the initial devices out the door, forward thinking organizations need to consider the steps to be taken throughout the entire product lifecycle; i.e. how will these devices be supported and maintained over time? Speed to market in the IoT realm can have unintended and expensive consequences.
Consideration should be given to devices that may have an extended operational lifespan or whose software goes through several iterations of updates or releases. For instance, how often do people replace their refrigerator? If the device is smart, the expectation is that the features and functionality will evolve over the lifecycle of the product. We have already seen this occur in televisions where Samsung has provided ‘upgrades’, including additional processors and memory to enable the use of advanced smart features.
Additionally, situations have already occurred where devices have been launched with some hardware or software features not supported by the release software, but subsequently added via a patch. From a privacy perspective, it is important that appropriate notice is provided to the user in the form of an updated privacy statement if the data collected from the device will change as a result of increased device capabilities. User consent such as an opt-in or acceptance feature may also be required depending on the update.
When sensitive data that requires explicit consent is going to be captured, the process to capture and maintain that consent is something that needs to be thought out as part of the product development process, especially when the device or the associated update mechanisms may not have any input or display capabilities.
Another consideration must be how to maintain security over the entire lifecycle of a product. While mature design practices should enable products to be sold in a secure manner, it is likely that security vulnerabilities will be identified in many early internet connected devices. This may require a security patch to be rolled out, or even worse, force the product to be recalled at significant expense and brand impact. Managing this update process and giving the user of the device an opportunity to be notified about any changes needs to be considered as part of a complete sunrise to sunset product strategy.
PwC approaches these challenges by taking an end-to-end view of the product lifecycle, as it moves between research, development, manufacture and operational stages. We work to understand the current functionality and ensure that you are set up for success throughout the lifecycle of the device, by applying good practices at every stage. Although the Internet of Things is in its infancy, users and customers expect that their data will be appropriately managed and protected now.
Join PwC at the Internet of Things Privacy Summit, hosted by TRUSTe, on July 10th in Silicon Valley to discuss privacy and security issues that have emerged in conjunction with the growth of the IoT market. Click here to see the full event agenda and register to attend. (Registration closes at 12:00pm PT on Wednesday, July 9th). The event will also be live-streamed – register here.