John McDonald: What is privacy in an internet-connected world?

By 2021, we’ll be connected to an average of 13 devices daily. Our smartphones, alarm systems, thermostats and even our refrigerators are all collecting and using data we provide by simply interacting with these devices. For many, the “Orwellian” threat of constant surveillance far outweighs the benefits of a refrigerator that texts you when you’re out of eggs.

In reality, the advantages of a data-enabled world extend far beyond produce tracking. And when built correctly, security does not have to be compromised in order to achieve maximum benefit. In the technology sector, our responsibility is not only to author innovation, but to earn and maintain the trust of our users through secure, honest data collection.

When the internet-of-things world works flawlessly, we don’t bat an eye about the constant stream of information flowing across our screens and devices and being collected on the other end. And the more data we share, the better internet-enabled networks are at anticipating our needs and making our lives easier. When it doesn’t work, the violation, the backlash and the fallout are fast and hard.

Plenty of examples remind us that a completely connected world needs to be intentionally designed to meet a consistent, minimum security standard: Facebook selling personal data, credit agency data breaches, and the Mirai bot attack are but a few.

There are steps we can take as industry leaders and as a society to protect ourselves, our businesses, our customers and the data sources that make IoT work, including:

Legislate: As a society, we regulate everything. Commerce, banking and humans can do irreparable damage when left unchecked. Why is the internet—with multiple access points to very valuable information—any different? Instead of creating reactive legislation, we must pass proactive protections before the disaster hits.

Update: Governments and organizations should require that outdated systems be replaced or brought to a higher standard set by proactive laws. And that means you, too! If you’ve been delaying those smartphone updates, you’re putting yourself and your data at risk.

Educate: When the EU General Data Protection Regulation becomes enforceable on May 25, businesses will have to better inform the public about security risks while being completely transparent about how and what provided data is used. Sure, we don’t always want to take the time to read the fine print, but we have to be our own first line of defense. Start educating yourself now, and learn more about existing legislation surrounding cybersecurity and IoT, including:

■ General Data Protection Regulation, known as GDPR,

■ The SELF DRIVE Act in Congress,

■ The Internet of Things Cybersecurity Improvement Act in Congress, and

■ net neutrality.

Proliferate: There is no room or time for assumptions, but with proper planning and paying attention, it is possible to cast a wide net of safe and secure IoT practices.

We’ve only scratched the surface when it comes to standardizing secure data collection and monitoring. This month’s enforcement of GDPR and the transparency it provides isn’t the end. In fact, it challenges organizations to better communicate to stakeholders and innovate safer, more secure IoT products and services for us all to enjoy.•

Click here for more Forefront columns.

McDonald is the CEO of Fishers-based ClearObject and chairman of the Indiana Technology and Innovation Policy Committee. Send comments to

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.

{{ articles_remaining }}
Free {{ article_text }} Remaining
{{ articles_remaining }}
Free {{ article_text }} Remaining Article limit resets on
{{ count_down }}