The gentle buzz of a wearable technology device vibrates on your wrist at 7 am. You sync the device with your smartphone to see how well you slept. The result: poor. You feel groggy, so you drink extra coffee, which increases your heart rate, a data point also recorded by your wearable technology. You trudge through your morning routine more slowly than usual, so you skip that half hour on the elliptical and head for the office.
Imagine the impact after a few weeks of this behavior. Your poor sleep quality is triggered by alcohol and lack of exercise. These, combined with a sleep deficit that slowly affects your overall health, leads to weight gain, increased blood pressure, and other problems. And all of this data is stored in your wearable technology device—or, more accurately, in its cloud software.
The fact that so much data is collected through a wearable technology device, such as an activity tracker, a smartwatch, or a pulse tracker, means that there are tangible risks involved, according to Conan Dooley, a senior security engineer with Box, and previously a senior security analyst with Bishop Fox.
If that data was carelessly stored, and then stolen through a data breach by a malicious third party and sold to unscrupulous organizations that want to use that data to assess your health risks, you could one day face steep increases in health insurance, or even a policy cancellation. The risk of this is so real that some companies are buying data breach insurance to protect themselves in the case of consumer information getting into the wrong hands.
If you’ve willingly shared this data with your health insurer, through discount options at work, you may already be facing rising insurance costs without any data breach necessary, since many employers offer “good health” discounts to employees who stay within regulation weight and exercise parameters to receive a significant savings on health insurance.
By the end of 2015, there were an estimated 200 million wearable technology devices on the market. By the end of 2018, the wearable technology market is expected to have more than 780 million wearable technology devices on the market. This gives hackers plenty of opportunities to steal sensitive data and benefit financially from it.
What consumers should want to know.
As more and more consumers purchase wearable technology, they unknowingly expose themselves to both potential security breaches and ways that their data may be legally used by companies without the consumer ever knowing.
Just because you agree to share your data with one company, or the government, doesn’t mean that that company will be in business next year, or new laws could be passed that change access to the data that you willingly gave up your privacy rights to share.
We are entering a technological world where everything is cataloged, everything is documented, companies and our governments will be making decisions about us all as individual based on your data trail.
And if a company files for bankruptcy, what does that mean for the data they’ve collected?
What you want manufacturers to know.
Part of the problem with the security of these devices is because wearable technology makers are rushing to beat their competitors and get their product onto the market first.
We all know that’s it’s all about grabbing the biggest slice of the pie right now. They all are trying to be first to market. The challenge for security division people is hard enough to get consumers to update their apps on their smartphones or update their operating system and making sure they’re applying the right security patches, which is pretty straightforward by updating in the app store.
Forcing a product to market to quickly is also costly. We are not just talking that it is costly just in terms of money alone, but you also sacrifice privacy and security and other considerations in order to get technology out as quickly as possible when wanting to be first to the market.
To reduce potential risk, companies need to build privacy and security into their existing development process, not have it be an afterthought.
Fitbit and inherent risks
One well-known manufacturer of wearable technology tech, Fitbit, is the first wearable technology, tech-focused company to go public.
Let’s say Fitbit was unable to successfully develop and timely introduce new products and services to enhance existing products and services, your business may be adversely affected. To stay afloat, you must continually develop and introduce new products and services and improve and enhance our existing products and services to maintain or increase our sales.
Again, because there is so much competition, it’s important to manufacturers to try to be the first to market. Some companies release user agreements that promise security and privacy practices that they cannot live up to.
Privacy vs. security
Even the actual health information, without a breach, can pose a problem since there’s so much personal data being gathered. This dips into privacy issue rather than security.
For example; a companies give you a discount on health insurance if you wear a device. Then you look at the data the wearable technology is giving you. Is it fair if they say if you don’t go to the doctor in the next three months your insurance will go up? What if they can mine the data and find out you’re an aggressive driver and raise your insurance rate?
From a wearable technology standpoint, just who has access to the data these devices collect?
Weighing the risks
Wearable technology devices will continue to grow in popularity, as consumers appreciate the immediate access to fitness tracking, health tracking and other convenient measurements. As yet, there have been no well-publicized data breaches involving the data collected by health and fitness wearable technology and smartwatches, so there hasn’t been a public outcry about the privacy and security risks.
NOTE: The Dark Side of Wearables, Teena Maddox