Wearable Devices: Privacy and Security

Wearable devices become more popular as the holiday season approaches. Among various new technologies, there’s a focus on wearable devices, which include items like smartwatches, fitness trackers, and other electronic accessories that can help make life easier. However, with that come privacy and security risks. What do you need to know about your wearable device? What are the limitations of wearable devices? How secure are they, and who has access to or owns the stored data?

What type of data do wearable devices collect?

When it comes to wearable devices, it is important to realize that the most prevalent data they store tends to be personal, health, and fitness-related information. For instance, a wearable device may track steps, take a pulse, measure heart rate, and, in the case of the newer Apple Watch 2.0, record your geographic position. However, when it comes to other data, the wearable device’s ability is limited for the time being.

One of the major limiting factors of wearable devices is the need to store and process data. The reason Apple Watches do not come with a stated memory amount and tiered structure, like iPhones do, is that they rely on the mobile phone and mirror its information through bilateral communications (i.e., data consolidation). For instance, an Apple Watch would need the app installed on the iPhone to mirror some of its contents. Because of this, the theft of a wearable device, like an Apple Watch, may not be as risky today, but given that technology progresses over time, it could be significant later. The Apple Watch is only one example: other watches, like the now-defunct Pebble, could occasionally run apps without mirroring via the mobile phone. Even so, smartwatches may retain some information, like names, contacts, notes, or credit card information.

How do you adequately safeguard data for wearable devices?

The easiest way of safeguarding data for wearable devices is to know the data’s initial source and ultimate location. For instance, with a Fitbit, data is synced on your device, but may also be synced with the Fitbit servers for the account, where it can be publicly searched if account settings are left unchanged. It’s important to note that each wearable device is different, and in that respect, they are no different from smartphones. The basic rules apply: safeguard your device by locking others out and setting safe passwords, and also find out what data your wearable device collects and sends out. For instance, an Apple Watch, especially in the newer generations, may be able to access financial data, pictures, geolocations, and fitness-related information.

Ultimately, the best practices may include the following: (i) know the access controls and permissions; (ii) know where the data goes, presume data is synced to the cloud, and keep a secure account with a strong password; (iii) know the device’s technology limitations; (iv) require multi-factor authentication (i.e., connect to a smartphone + receive unique passcode); (v) stay updated; and (vi) assume that devices can be hacked and compromised.

At our law firm, we assist clients with legal issues related to online privacy, cybersecurity, and e-commerce transactions. Please contact us to set up an initial consultation.