Although connected objects are not yet subject to specific regulations regarding personal data and security management, they induce growing concerns.
As confirmed by Stéphane Grégoire, Head of Economic Affairs of the CNIL, during the MEDEF conference on the morning of April 12th 2016, on the theme of connected objects, reporting an increase of 36% of the amount of complaints from the CNIL concerning the protection of personal data and individual freedom in 2015.
It is good to remember that the CNIL is attentive to the following aspects:
- ? The rights of access, rectification and information portability
A user can actually ask for the data that concerns him, for it to be modified or simply to be sent to him or transferred to another service.
- ? The non-diversion of its purpose.
Indeed, the specificity of connected objects is that they tend to be forgotten or to be used for the wrong purposes. The primary use of this object must not be to gather information that is uncorrelated to its purpose.
- ? Authentication and data exchange
Technical measures must be set up in order to guaranty a sufficient level of security, whether it is to authenticate the access to the device, or to ensure (through encryption for example) the confidentiality of the data transfer.
Often regarded as a barrier to innovation and a constraint to experimentation, the security aspects can become, in the context of IOT, a real Marketing opportunity. Therefore, obtaining approval from the CNIL becomes a label of reliability and quality. Indeed, consumers pay a particular attention to the aspects related to the security of personal data, right after those related to the price.
Despite the costs and complexity, it is important for security to be integrated into the design of the products and the R&D process. The ” Privacy by Design ” has become a tool designed to adapt solutions to customers needs and to place it at the center of preoccupations.
ARROWMAN Key Insight
Once security will be at the heart of preoccupations in the ecosystem of IOT, Benoit Andrade advises leaders to develop a real strategy in order to attract rare and extremely sought-after profiles.
The skills related to cyber security and to the protection of personal data have become just as crucial to the success of a project, as they have become rare worldwide. According to him, these kinds of recruitments should be anticipated in order to allow their integration as early on as possible during the development phase and to truly integrate them into the business model of the company.
Indispensable expertise, the recruitment and integration of these skills are major challenges for the development and the sustainability of the company. Beyond the legal risks and the brand image issues, the technical and commercial success relies more and more on these recruitments.
Benoit ANDRADE, Associate Director at ARROWMAN Executive Search, Technologies & IOT Expert.