Internet of (Every)Things

Slides:

Advertisements

Similar presentations

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.

Advertisements

NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.

Rapid Mobile Development Enterprises are having a tough time keeping up with the demand for mobile apps. With these growing demands, businesses are expecting.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)

Internet 2 Corporate Value Proposition Stuart Kippelman (J&J) Jeff Lemmer (Ford) December 12, 2005.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.

Data Governance: Addressing the Big Data Challenge IT.CAN 2015 Information Technology Law Spring Forum May 4, 2015 Adam Kardash Partner, Privacy & Data.

The Internet of Things and Consumer Protection

© Allen & Overy April 2015 Katia Manhaeve - Catherine Di Lorenzo The Internet of Things.

Federations: The New Infrastructure Speaker Name Here Date Here Speaker Name Here Date Here.

LEFIS ROVANIEMI MEETING 19TH 20TH JANUARY 2007 Privacy In The Web TATYANA STEFANOVA LEX.BG BULGARIA.

Copyright © 2016 – Curt Hill The Digital World Understanding the challenges of this world.

Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.

Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.

Consumer Information Federal Trade Commission Act grants Federal Trade Commission (FTC) responsibility regarding unfair methods of competition and unfair.

Visibook is instant, simple, and dynamic appointment booking We're headquartered in San Francisco, California "Visibook is awesome. My entire studio was.

Regulation models addressing data protection issues in the EU concerning RFID technology Ioannis Iglezakis Assistant Professor in Computers & Law Faculty.

Protecting Data, Sharing Information Graham Wakerley: Director

Building a Better Connected World

Law Firm Data Security: What In-house Counsel Need to Know

A policy framework for an open and trusted Internet

Privacy and Public Policy Implications of IoT

Remarks by Dr Mawaki Chango Kara University DigiLexis Consulting

4 THE DIGITAL FIRM: ELECTRONIC COMMERCE & ELECTRONIC BUSINESS.

#ConnectedHomeHuman&Habitat

Add video notes to lecture

MGMT 452 Corporate Social Responsibility

Chapter 10 Cyberlaw, Social Media, and Privacy

Security Standard: “reasonable security”

Operational Technology Information Technology

Internet-of-somewhat-dubious-Things

Mobile Application Development

Challenges facing Enterprise Mobility

Microsoft 365 Get help with regulatory compliance

Industrial IoT Derive business value from the Internet of Things, People and Services Ronald Binkofski General Manager Microsoft MC CIS.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Page 1 Fundamentals of Information Systems.

OTA & IoT A Shared & Collaborative Responsibility 24 October 2017

North Carolina Law Review Symposium

Online platforms Brussels, September 2016.

Hello, Today we will look at cyber security and the Internet of Things and how it could impact our business.

Privacy and Security in the Employment Relationship

Data Quality: Practice, Technologies and Implications

BA 625: Privacy Law and Policy

LEGAL & ETHICAL ISSUES InsurTech & Health Insurance Providers

Intel's Public Policy Plan for the Internet of Things

The motivation Distributed knowledge sources Distributed experience

Frequently Asked Questions NCSC Product Certification

Consumer Privacy An Introduction

Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.

Spectrum Management in a Converged Ecosystem Velamah Cathapermal-Nair

Innovation at the Edge How rapid experimentation with emerging technologies is achieving results on Earth and in Space Tom Soderstrom, JPL IT Chief Technology.

IoT Security and Privacy

Tips on Privacy Audits and Assessments Insurance Consumer Affairs Exchange October 2, 2005 Kirk Herath, CPO & Associate General Counsel, Nationwide Insurance.

IT Megatrends that shape the Digital Future…

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

Reflections on PIPEDA and the Future of Privacy Law in Canada

Managing Privacy Risk in Your Commercial Practices

Student Privacy in the age of big data

SOCIAL NETWORKING Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.

Blockchain and Distributed Ledger Technology: Innovation, Operation, and Legal and Regulatory Implications Consumer Protection on the Blockchain Emily.

Topic 12: Virtual Private Networks

Privacy and personal data protection

Colorado “Protections For Consumer Data Privacy” Law

IT and Society Week 2: Privacy.

Children and Networks Suha Hajyahia Tareza Haddad.

Chapter 6 Innovative Systems: From E-Government and E-Learning to C2C E-Commerce and Collaborative Commerce.

IoT and Supply Chain Risk Management

Cloud Computing for Wireless Networks

Presentation transcript:

Internet of (Every)Things Risks, Benefits and Practical Recommendations ACC Georgia Presentation August 16, 2016 Jason Epstein Partner, Nelson Mullins Jason.epstein@nelsonmullins.com 615-664-5364 Melloney Douce General Legal Counsel Rolta AdvizeX Technologies, LLC mdouce@advizex.com 678-942-5029

Nelson Mullins Riley & Scarborough LLP Topics How We Got Here What is the Internet of Things? Use Case Examples What Makes IoT Different? FTC Enforcement Actions Risks, Benefits, Practical Analysis Nelson Mullins Riley & Scarborough LLP

Nelson Mullins Riley & Scarborough LLP How Did We Get Here? “The Third Wave.” Book by Alvin Toffler. First Wave. 1000’s of years. Agricultural society. Second Wave. Post-Industrial Rev. Mass production and distribution. Third Wave. Information Age. Interactive community. “The Third Wave.” Book by Steve Case (2016). Three Waves of the Internet. First Wave. 1985-1999. Building the Internet. [Cisco/IBM/AOL] Second Wave. 2000-2015. App Economy and Mobile Revolution. [Amazon/Google/Facebook] Third Wave. 2016-Future. Internet of Everything. “The Third Wave is the era when the concept of Internet of Things—of adding connected sensors to products—will be viewed as too limiting, because we’ll realize that what’s emerging is the much broader Internet of Everything.” [Partnerships] Nelson Mullins Riley & Scarborough LLP

What is the Internet of (Every)Things? The Internet of Things has been defined as a ubiquitous network of connected sensors embedded in everyday objects for the purpose of collecting and sharing data via the Internet. Experts now predict that IoT-related sensors and devices will reach 50 billion by 2020. Nelson Mullins Riley & Scarborough LLP

Accelerated and New Issues Interoperability Privacy Security Data Management Product Liabilities Patent (Infringement) New Technologies (Blockchain) Nelson Mullins Riley & Scarborough LLP

Use Case Examples: The Landscape Nelson Mullins Riley & Scarborough LLP

Nelson Mullins Riley & Scarborough LLP Use Case Examples Industrial: GE: https://www.youtube.com/watch?v=KzXfFDJWgmQ Auto: HP/BMW: https://www.youtube.com/watch?v=CUjDxgXM3UA Nelson Mullins Riley & Scarborough LLP

Nelson Mullins Riley & Scarborough LLP Dilbert Nails It Nelson Mullins Riley & Scarborough LLP

Nelson Mullins Riley & Scarborough LLP And Nails it Again Nelson Mullins Riley & Scarborough LLP

What Is Different Practically? The sheer velocity of products, services and data. Think Napster. Explosion of consumer applications and thus potential risks and harm are elevated. Products built for interoperable communication through sensors and Internet connectivity and doing a lot more. Seamless connectivity to exchange information (including location, biometrics, purchases, and online browsing history). Affordability. Big Data analytics for companies to store information, share it, and make inferences about customers. Nelson Mullins Riley & Scarborough LLP

What Is Different Legally? Product Liability. Oven Smart meters Vehicles Patent Infringement. Regulatory. Privacy and Security. Updating product (firmware) Interoperability New functionality and Life Cycle Management Nelson Mullins Riley & Scarborough LLP

Notable FTC Enforcement Actions TRENDnet: In 2013 the FTC initiated regulatory action against TRENDnet, a retailer of various networking devices including routers, modems and IP cameras. TRENDnet's IP cameras allowed users to waive the requirement for login credentials and allowed a user's live feed to be publicly accessed when set to private. Hacker's posted the live feeds from various cameras online. ASUSTeK: the FTC alleged that ASUSTeK failed to take reasonable steps to secure the software for its routers, which were advertised and sold to U.S. consumers specifically for the purpose of providing security and protection for consumers’ personal networks. FTC further alleged that the ASUS routers were susceptible to a number of commonplace “well-known and reasonably forseeable vulnerabilities” that allowed hackers to gain easy, unauthorized access. Nelson Mullins Riley & Scarborough LLP

FTC Consent Order Requirements FTC issued a Consent Orders to TRENDnet and ASUSTeK required each company to establish and maintain a security program. These steps included the following: The appointment of a security officer; The identification of material internal and external risks to the security of covered devices; The identification of material internal and external risks to the security of covered information; The design and implementation of reasonable safeguards and controls and regular testing of the effectiveness of such safeguards and controls; The development of vendor management programs; and The continual evaluation and testing of the foregoing. Nelson Mullins Riley & Scarborough LLP

Additional Recommendations Identify Product Liability Issues Identify the Risks to Devices and Networks Implement Operational Controls and Safeguards Implement Personnel Risk Management Controls Implement Software Controls and Safeguards Device Lifecycle Management Reasonable Access Controls Identification of Informational Risk Data Minimization Nelson Mullins Riley & Scarborough LLP

Practical Recommendations TRANSPARENCY IoT Ecosystems will likely include numerous devices that are designed to operate without our knowledge and, as a result, consumers may find it increasingly difficult to answer “what, when, where, why and how” questions regarding IoT devices that hide in plain sight and the data such devices collect. Regulatory agencies have encouraged companies to clearly notify consumers of the presence and purpose of certain IoT devices and sensors. ACCOUNTABILITY Some regulatory agencies have cited corporate accountability as the governing principle in privacy law and, in light of this principle, encouraged companies to be accountable by demonstrating to consumers how they have used, are using, and will use consumer data. NOTICE AND CHOICE Though implementing the traditional consumer protection principles of “notice and choice” may present new challenges in IoT, providing consumers with the opportunity to make informed decisions concerning the use of their data remains critical, particularly where sensitive personal data is implicated. Nelson Mullins Riley & Scarborough LLP

Internet of (Every)Things Risks, Benefits and Practical Recommendations ACC Georgia Presentation August 16, 2016 Jason Epstein Partner, Nelson Mullins Jason.epstein@nelsonmullins.com 615-664-5364 Melloney Douce General Legal Counsel Rolta AdvizeX Technologies, LLC mdouce@advizex.com 678-942-5029