The recent recall of a children’s smartwatch in the EU caught media attention earlier this week. The reason for the recall? Data sent between the smartwatch and its back-end servers was not encrypted in transit, leaving it vulnerable to several types of attack, including interception of its GPS location.
Whilst such shortfalls have been exposed in other smart products aimed at children, the recall is believed to be the first of its kind to relate to the lack of privacy in a product. However, with privacy concerns on the rise and increasing scrutiny of privacy in products, I believe this certainly won’t be the last.
This also highlights the vital need to ensure that data privacy by design / default is a core requirement for any business handling sensitive information, not only to protect your consumers and brand, but also because it’s a legal requirement under the Data Protection Act 2018 (Section 57) / GDPR (Article 25).
Conducting assessments thoroughly can be difficult and time-consuming. You need to cover the entire journey the data will take, including every state, technology and operation. Unless you are a technical or operations expert, you can also run into issues with a lack of understanding.
That’s why looking outside of your business for assistance can often be a blessing in the disguise of some commercial outlay.

