January 27, 2016
Wearables are in demand: Some estimates exceed $100 billion in annual sales by 2018. Fitness trackers and other wearable devices help chronicle daily steps, monitor sleep and track other useful data—providing obvious benefits for users looking to improve their health and productivity. As plenty of news articles have highlighted in recent months, however, privacy and security experts worry that this immense amount of extremely personal data could end up in the wrong hands.
Earlier this year, Symantec Corp. analyzed a number of wearable products and found that all hardware-based devices were 100 percent trackable. And, without encryption, users face numerous potential privacy risks, including identity theft and employer misuse of data. The market is moving into uncharted territory, and manufacturers and regulators must balance innovation with measures that help ensure user safety and data privacy.
Two main privacy concerns when using wearables are wireless interoperability and cybersecurity.
First, wireless interoperability helps ensure that a device successfully transmits data from one point to another—often another device—in support of the system’s intended use. If this process does not occur as planned, an individual’s information could end up in unintended hands or the device may lose function or provide the user with incorrect data.
Second, having proper cybersecurity protocols in place is essential to helping ensure privacy when using wearables. Wireless transactions can put data in a more vulnerable position, increasing the chances of a breach when compared with transmission through a physical cable. The threat of personal information being accessed from a wearable device by others for malicious purposes has highlighted the need for increased safeguards.
While wearable technology currently faces relatively light regulation, with the intention of encouraging innovation, the U.S. Food and Drug Administration (FDA) and others have taken steps to raise awareness of these emerging privacy risks.
In January the FDA published a draft guidance document for wellness devices, and some wearable health devices may qualify. The guidance defines the wellness devices the FDA will and will not regulate as it seeks to advance the development of wellness technologies without sacrificing safety. The FDA states that popular devices, such as fitness trackers, smart watches and mobile health apps, fall outside of its scope because they are considered “low risk general wellness products.” To enable the innovation of health wearables, the FDA is placing accountability on manufacturers to self-regulate and enact requirements that help ensure user safety and data privacy.
Underwriters Laboratories (UL) and the Association for the Advancement of Medical Instrumentation (AAMI) are also developing the AAMI/UL 2800 interoperability standards specifically for medical wearable devices. Still under discussion and development, AAMI/UL 2800 is expected to be released as a series of interrelated standards, which in addition to addressing a variety of interoperable technologies could also be used to help secure data communications in the wireless ecosystem. The AAMI/UL 2800 standards will help manufacturers design safer interoperable products and establish a baseline of mitigating measures for any potential mishaps that could threaten a patient’s health or life.
With the personal data of millions potentially at stake, wearable manufacturers, whether or not their products are regulated as medical devices, should incorporate standards-based privacy and security controls into their product infrastructures by default. Furthermore, by following existing guidelines and state-of-the-art standards, manufacturers can strive to mitigate risks before a product launches and help ensure a product will perform safely and securely.
With these steps, wearable users can feel more confident that the benefits will outweigh the risks of these new innovations.
Originally published by The Privacy Advisor