Wearable tech, and the Internet of Things (IoT) movement, has been a big topic in IT security for this year. More devices than ever are being connected to the Internet, operating in the cloud, and sharing information. This creates a lot of data - big data - that has as significant impact on data security, particularly in highly regulated industries such as healthcare.
The Information Commissioner’s Office (ICO) in the UK was one of the first governing bodies to clarify its position on wearable technology, noting that organizations that process information from wearable technology will almost always be covered by the UK Data Protection Act:
This means that they must process the information collected by these devices in compliance with the legislation. This includes making sure that people are being informed about how their details are being collected and used, only collecting information that is relevant, adequate and not excessive and ensuring that any information that needs to be collected is kept securely and deleted once it is no longer required.
With the amount of ‘personal’ data that organizations could potentially have access to now on the rise, there is an increased demand to protect that information at all stages of its lifecycle. This means protecting stored data as well as protecting this now exponential number of endpoints that could access and store this data.
As Duncan Forsyth's article on ChannelPro notes, many organizations are not thinking about these issues yet and not all device management suites are capable of coping with these issues. As the article notes, the solution to an effective governance, risk and compliance (GRC) strategy is a combination of a clear and accessible policy, customized education and a versatile technology solution to data protection and device management.
Our approach at Absolute is to focus on the user, not the device. This user-centric approach means that new devices don’t throw a wrench into the device and data protection system, protecting against GRC breaches.