Internet of Things Framework introduced by the Online Trust Alliance for our connected world

Robinson+Cole Data Privacy + Security Insider

On August 11, 2015, the Online Trust Alliance (OTA) released an Internet of Things (IoT) Trust Framework (“the Framework”), which presents guidelines for IoT manufacturers, developers, and retailers. The Framework was designed by a multi-stakeholder group formed in January 2015, including ADT, AVG Technologies, Microsoft, Symantec, TRUSTe, Verisign, and over 100 other IoT experts. Craig Spiezle, Executive Director and President of OTA, said, “The rapid growth of the Internet of Things has accelerated the release of connected products, yet important capability gaps in privacy and security design remain as these devices become more and more a part of everyday life.” The Framework addresses only two key categories of IoT devices: home automation devices and consumer health and fitness wearables.

Specifically, some of the Framework’s highlights are:

  • Privacy Policies: “The privacy policy must be readily available to review prior to product purchase, download or activation and be easily discoverable to the user. Such policies must disclose the consequences of declining to opt-in or opt-out of policies, including the impact to usage of key product features or functionality.”
  • Limit Disclosures: “Any default personal data sharing must be limited to third parties/service providers who agree to confidentiality and to limit usage for specified purposes.”
  • Encrypt: “Personally identifiable data must be encrypted or hashed at rest (storage) and in motion using best practices including connectivity to mobile devices, applications and the cloud utilizing Wi-Fi, Bluetooth and other communication methods.”
  • Test: “Manufacturers must conduct penetration testing for devices, applications and services.”
  • Mitigate: “Manufacturers must publish and provide timely mechanisms for users to contact the company regarding issues including but not limited to the loss of the device, device malfunction, account compromise, etc.”

For the list of guidelines, click here.

Public comments on the Framework are due to the OTA by September 14, 2015. The OTA is also developing tools and methodologies that will formalize the Framework and ultimately lead to a voluntary Code of Conduct and certification program for IoT manufacturers, developers and retailers.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
