We are finally getting close to the world of George Jetson. The rosy, utopian future painted by the 60’s-era cartoon has prompted many of us to ask, “when am I going to have a robot maid?” as we stare at the pile of dishes in the sink (at least my robot vacuum has the floors covered…). While we are still waiting for humanoid robots to help with chores around the house, many of the conveniences and automations imagined in George’s office have manifested in some way for the modern workplace. But what the show didn’t talk about were the massive privacy implications of all the data collection and processing necessary to enable those marvelous conveniences. And, even more importantly, the implications as those devices make their way into the corporate environment.
Before adding the newest smart gadget to your office, take a moment to consider what information it collects and uses. It’s not always immediately obvious. I’ve collected some common types of smart devices and their privacy implications here:
- Doorbells/locks – Record entry and exit times, and video recordings analyzed by AI.
- Security cameras – Video and audio stored in the cloud for analysis.
- Smart TVs/speakers – Record conversations, media (including internal content), and consumption habits.
- Smart lighting – In use/vacant, workflow habits, occupancy
- Vacuum/sweeper – building layout, furnishings, object recognition, room use patterns.
- Wi-fi: Usage, number of devices, visitors, movement between access points.
- Kitchen appliances – eating habits, dining frequency, nutrition/diet details, or restrictions.
- Thermostat – in use/vacant, power consumption.
- Virtual assistant – voice recording, search history, purchase history.
- Exercise equipment – fitness data, health issues.
While smart devices provide many useful capabilities, very few people understand the privacy implications of the data collected and stored by these devices. Terms and conditions, regular updates, and active management of privacy settings are necessary overhead that is rarely considered when purchasing these devices. This is especially true in corporate environments, where the devices may collect confidential company data alongside personal information. It’s critical that corporate security programs expand their aperture to include these devices and their associated risks. Want to discuss how to help manage smart device risk in your enterprise? Contact email@example.com!