Wearable Cropped (2)

Privacy and wearable technologies – A POPI dilemma?

As technology becomes less of a utility and begins to retain intelligence about who we are through wearables, organisations will begin to invest in such technologies to gain competitive advantage and consumer insights through what has become “human telematics”.

As consumers increasingly demand meaningful, personalised, communications and engagement with their insurance providers through seamless platforms such as wearables, insurers will, by necessity, be required to integrate wearable technologies into their product offering to retain their competitive edge. Technological integration positively impacts both insurers and consumers, however, we need to “draw a line in the sand” between utility and the right to privacy so as to avoid over-reaching privacy invasions.

Rapid innovations in technology, falling costs in the unit price of devices, and a general social trend toward health by tech-savvy consumers, are largely held to be the drivers of the increased demand for health-related wearables. Ian Chen, a marketing manager at Freescale Semi-Conductors Sensor Division, believes that “by 2025, there will be more data generated from sensors and devices than all of the data being generated today from every source.”

With increased demand comes a highly competitive market with new and old entrants battling it out to produce better, more accurate and more useful wearables. The pace of innovation and demand in this space is increasingly leading to concerns over privacy and inadequate security safeguards as development outstrips legislative and regulatory requirements. However, there is a further commercial benefit that insurers have been quick to leverage at the risk of potentially invading the privacy of their policyholders and users.

Security and privacy

Wearables present multiple attack vectors, in that they often require data to be transmitted to a processing application typically housed on a smart devices such as phones, tablets or computers. Furthermore, applications may store the data online. Gary Davis, the Chief Consumer Evangelist at Intel Security believes that the data collected through wearable devices “is worth 10 times more than that of a credit card on the black market.”

Reviews by various security firms have found multiple vulnerabilities in wearable devices and related applications, these range from exposed login credentials, network sniffing (wherein data transmitted from the device is visible to potential attackers), to being able to monitor a user’s location through the device’s tracking mechanisms and public networking capability. It is worth considering the security risks of wearables when linked to smart devices.

Careless users may leave their wearable or smart phone unattended, where any person may pick it up and peruse the data stored thereon. Wearables themselves are not typically password protected or secured, and smartphones and other devices are only as secure as their lock screen password, if enabled.

Future concerns include the susceptibility of the Internet of Things to cyber-attacks. While not currently viewed as a serious problem, it is poised to become one as smart devices, wearables and other smart appliances become more widely adopted, providing would-be thieves with a plethora of information about individuals.

Privacy of the user is closely linked to the security considerations and concerns that are inherent to wearables. Wearables that process health-related information – which may be anything from vital statistics to sleeping patterns – and track user locations, require additional safeguards to be in place to ensure the protection and lawful processing of such information in accordance with various legislation and regulations in place worldwide. However, despite the number of countries with laws regulating the use of personal information, few laws holistically address the collection, storage, use, sharing and disclosure of personal information obtained through wearables.

What does this mean in the South African context?

South Africans have also been swept up in the wearable fever. Fitness bands, for example, are common features in public and in the workplace. Large insurers and medical aid schemes offer incentives to members who buy and use wearables and share the related health information with the organisation. In turn, this information is utilised in profiling, and incentivising policy holders and scheme members. The benefits of the technological integration are multi-faceted and present opportunities for both consumers, insurers and medical aid schemes.

Imagine an insurer or medical aid scheme being able to calculate, in real-time, the risk profile of its policy holders and members and provide competitive premiums based on the health profile of each of its policy holders or members uniquely. This not only incentivises members to lead healthy lifestyles but enables the insurer and medical aid scheme to accurately quantify and underwrite its risk exposure. From a consumer perspective the benefits are numerous and range from customised premiums, as well as health-related savings and promotions, to early warning of possible health risks enabling more relevant, just-in-time treatment.

Privacy awareness in South Africa is still in its infancy. However, there are currently several pieces of legislation that provide a framework to understand the rights and obligations of the user, service provider and other parties, where personal information is concerned. Policy holders and scheme members will need to become more astute as to the purposes for which their personal information, health-related data, and other data collected through wearables provided or utilised by insurers and medical aid schemes is processed to ensure that their privacy is not unreasonably infringed.

All organisations integrating new technologies into their day-to-day interactions with consumers, like insurers and medical aid schemes, will need to start considering the privacy impact of adopting these technologies and the consequent business, consumer, and compliance risks.

Organisations should consider the privacy impact in light of the following:

  • nature of information processed (i.e. health information);
  • how the information is collected, used and why the organisation requires it;
  • where the information is located and volume of information retained;
  • who has access to the information and whether it is shared with third parties; and
  • the legal obligations in respect of the information.

Based on this assessment, the organisation will be able to accurately determine what the privacy impact of technology adoption, such as wearables, is and most importantly where to “draw a line in the sand.”

Visit our website to learn more about Protection of Personal Information Act (POPI) and other security and privacy topics.

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Femi Oke

About Femi Oke

Relentless passion for creativity and digital acumen to help a professional services firm thrive in the digital space. Femi is an individual with a rich experience on regional African knowledge, its diverse business culture and he understands the continent’s economic drive. He thrives on selfless service and lasting mutually beneficial relationships with colleagues and especially clients encountered in the course of his duties. He is creative, practical and self-motivated with business judgement in corporate, brand and strategic communications, social, digital & traditional media and executive profiling. Roles in the firm include New Media, Digital Communication, Corporate Communication, executive profiling and Brand Management execution. Working on the multi-million dollar Africa high growth market project stands out for femi; besides this, managing all KPMG’s digital communication for the World Economic Forum on Africa is another project that gives him great delight. Femi holds a Masters Degree in Global Marketing from the University of Liverpool.

, , , , ,

No comments yet.

Leave a Reply

LEGAL PRIVACY POLICY
Twitter Linkedin Facebook YouTube RSS