incident response

Subscribe to incident response via RSS

Disrupted, yet again. The world is fast preparing for the invasion of objects connected to the Internet, otherwise known as the Internet of Things (“IoT”).

IoT is here, and it will revolutionize how both individuals and corporations interact with the world.  In this multi-part series we will explore this quickly evolving revolution and the privacy and security legal issues and risks that corporations will have to address in order to leverage IoT and move the world into a new reality.  Part One of this series provides background and context surrounding IoT and highlights the legal issues organizations seeking to leverage IoT will face.  Subsequent parts will dive much deeper into IoT.

To start, consider the following portrayal of a day in the life of IoT:

By the time Lazlo Hollyfeld’s smartwatch detected the proper biorhythms to roust him out of sleep, his coffee was brewing and his curtains were drawn back.  “It is cold this morning, Mr. Hollyfeld, but no rain today in the forecast,” stated his computer assistant over the Bluetooth speaker by his bed.  Lazlo haphazardly waved his watch at the T.V., which automatically began streaming his morning news program.  He fumbled for the slippers by the bed, and reached for his morning smart pills which were remotely dosed according to a physician’s review of Laszlo’s wearable health monitoring devices.  Health readings from the pills taken after ingested would later be sent to Lazlo’s physicians.

As he arose, motion detectors relayed to his home automation system to bring the lights up to 30%.  Stumbling into the bathroom, both the lights and his television stream followed him.  The shower was running at a comfortable temperature and Lazlo’s favorite album started to play on the shower stereo as he walked in.

Running late, Lazlo quickly dressed and dashed downstairs to grab his coffee.  Tracking his motion and triangulating the Bluetooth signal from his watch, the home automation system brought up Laszlo’s schedule and to do list on the refrigerator screen, shut down the heat system in the house, turned off the lights in the living quarters, and signaled to his car to start the engine and turn on the seat warmers.  Lazlo scanned his email on the fridge screen, and swiped a few emails to the car icon.  As he ran to the garage, he grabbed the last of the orange juice in the fridge, triggering a reorder to be delivered by drone later that evening.  By the time he pulled out of the driveway, his television stream was already playing in the car.  Meanwhile, his home automation system locked the doors, set the alarm system, and turned on the sprinklers. 

Lazlo entered the highway where his watch, reading his skin surface temperature, signaled the car to remove power from the seat warmers.  As he comfortably locked in cruise control, his car began reading the emails he had swiped to the car icon on the fridge.  Lazlo took his hands off the controls because his car was communicating with the other vehicles on the highway to maintain the proper speed and lane location.  Lazlo dimmed the car windows and settled into to his traffic-free relaxing morning commute.    

Does this sound like the distant future to you?  Think again.  Much of the technology discussed in this article already exists in the marketplace (or soon will).  For businesses, IoT will present enormous competitive advantages and financial opportunities, and also pose challenging legal, security and privacy risks.   To fully enable IoT organizations will have to consider privacy and security legal issues at the outset, and design IoT technologies and devices in way that address these issues and limit risk to both the users and companies.  Let’s begin exploring.

The U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former postal employees. Specifically, in one of its complaints, the NLRB alleged that the postal service’s unilateral decision to provide credit monitoring and fraud insurance to affected employees without engaging in collective bargaining with the union on these issues violated Sections 8(a)(1) and (5) of the NLRA. These provisions of the NLRA mandate collective bargaining for any issue that relates to the “wages, hours, and other terms and conditions of employment.”