FTC Releases Internet of Things Report | Practical Law

FTC Releases Internet of Things Report | Practical Law

The Federal Trade Commission (FTC) has released a report on the Internet of Things with recommendations for improving and protecting consumer privacy and data security as the use of internet-connected devices continues to grow.

FTC Releases Internet of Things Report

Practical Law Legal Update 1-597-7008 (Approx. 4 pages)

FTC Releases Internet of Things Report

by Practical Law Intellectual Property & Technology
Published on 27 Jan 2015USA (National/Federal)
The Federal Trade Commission (FTC) has released a report on the Internet of Things with recommendations for improving and protecting consumer privacy and data security as the use of internet-connected devices continues to grow.
On January 27, 2015, the Federal Trade Commission (FTC) released a staff report, Internet of Things: Privacy & Security in a Connected World. The report summarizes the FTC's November 19, 2013 Internet of Things (IoT) workshop and addresses the benefits and risks of the IoT and the application of traditional privacy principles to the IoT. The report also provides staff recommendations regarding how to improve and protect the privacy and security of consumer data as the development and use of internet-connected devices continues to expand.
The report defines the IoT to include devices or sensors that connect, store or transmit information to the internet or between each other via the internet. The report does not include recommendations that relate to:
  • Computers, smartphones and tablets, which are beyond the FTC's IoT definition.
  • Devices sold in a business-to-business context.
  • Broader machine-to-machine communications that enable businesses to track inventory, functionality or efficiency.
The FTC's recommendations for businesses working this area include:
  • Implementing security measures such as:
    • building security into device design from the outset;
    • training employees and managing security appropriately within the organization and with respect to outside service providers;
    • creating multiple layers of security to manage particular risks; and
    • monitoring connected devices and providing security patches for known risks.
  • Minimizing collection and retention of consumer data.
  • Providing consumers notice and choice as to how their data will be collected and used.
While the report finds that IoT legislation may be premature, it reiterates the FTC's call for strong data security and breach notification legislation.