Body Talk: Privacy and Security Protections for Wellness Devices

Thinking about buying a connected-to-the-Internet-of-things-universe fitness tracking device like a Fitbit as a holiday gift? No lie, those impossible-to-get-out-of-your-head Fitbit video ads are definitely catchy.

But perhaps you’re worried about what happens to all that data about your steps and heart rate? Concerned that you’ll get an ad targeting you for some sort of treatment or pill or health-care service? Or, worse yet, get denied insurance because of what the device reveals about your habits?

Well, the Consumer Electronics Association has issued voluntary Guiding Principles on the Privacy and Security of Personal Wellness Data that say companies should:

  • have robust security;
  • create clear and concise written policies on how wellness data will be collected, stored and used;
  • get affirmative consent before transferring wellness data to an unaffiliated third party;
  • not “knowingly use or disclose personal wellness data in ways that are likely to be unjust or prejudicial to consumers’ eligibility for, or access to, employment, healthcare, financial products or services, credit, housing or insurance” and provide users a way to review and correct stored wellness data if they intend to share it in a way that may be used for those reasons;
  • give users a chance to opt out of any targeted advertising based on their wellness data; and
  • have a privacy policy that describes how the company responds to government and law enforcement requests for data.

That last one is interesting. Not sure why some secret government agency or another might want to know how many calories I burned yesterday, hmmm …

To keep up with the constantly evolving world of privacy and security, sign up for the Bloomberg BNA Privacy and Security Update.