
Who Owns the Data Collected by Wearable Devices?

November 21, 2022


Data is being collected on people and businesses every day. People will generate, on average, around five gigabytes of data a day using their devices. Whether it’s our internet browsing history, social media posts, purchase history, or credit card bills, the data that defines our lives is readily available to companies that collect it, ready to be used for whatever purpose they choose.

So, who owns the data collected by wearable devices?

Generally, unless stated otherwise in a company’s privacy policy, the data collected by the most common wearable devices like Fitbits and smartwatches belongs to the collector (Google, Apple, Samsung, Fitbit, Peloton, and any other company that offers wearable products that track data), who decides what they do with that information.

Though many collectors choose to work with government regulators to protect this information, and pledge not to use it for marketing or targeting purposes, the data still exists as a reference for learning more about people’s daily habits.

The key for the general public is to use the tools at your disposal to limit what data you allow these devices to collect. You need to know your rights when it comes to what data can be shared or sold by the collectors. Read on to learn who has access to your information, how you can limit what they collect, and what implications HIPAA has for health data collected by wearables.

The importance of data security cannot be overstated. Whether it’s protecting your customer data or securing private company information, businesses need proper data security in place. Learn more about it in this blog: What is Data Security and Why is it Important?

Who Can Use the Data Collected by Wearable Devices?

Anyone to whom the collector company decides to sell or share that data can use it to make decisions for their business.

Security Risks from Wearable Devices

Wearables are constantly collecting information on people and, oftentimes, the devices themselves don’t have the storage necessary to keep it all internally. So, using connections like Wi-Fi and Bluetooth, they connect with other devices (phones, tablets, computers, etc.) to transfer data and store it in the cloud.

This immediately poses risks. Are the Wi-Fi networks secure? Are the connected devices secure? Experienced cybercriminals can infiltrate many of these things to steal your information. Even if the data makes it to the company's cloud servers, is it safe there? Unsecured devices and networks are common vulnerabilities that cybercriminals use to steal data.

Businesses need to be sure that their data servers are protected, and users need to do their homework as to what companies are doing to protect their data.


Data Compliance for Healthcare-Related Devices

Another big question mark on data collection from wearable devices is how healthcare data is handled. The Health Insurance Portability and Accountability Act (HIPAA) is a government regulation designed to protect people’s private health information, but it only applies to covered entities (practices, clinics, hospitals, etc.).

Companies like Fitbit and Apple, who collect health information from their watches, are not covered entities and therefore don’t have to abide by HIPAA rules.

However, if a covered entity has patients wearing monitoring devices for health purposes, the data collected by those wearable devices is covered by HIPAA. That means that health information is secured against many uses like selling or sharing.

But some companies have taken data privacy into their own hands. Google's recent acquisition of Fitbit, completed in 2021, left many people wondering if the information being recorded was now going to be used by Google for advertising and marketing purposes or being sold to companies. But Google chose to protect data privacy.

In a statement, Fitbit CEO James Park said: “Google will continue to protect Fitbit users’ privacy and has made a series of binding commitments with global regulators, confirming that Fitbit users’ health and wellness data won’t be used for Google ads and this data will be kept separate from other Google ad data.”

In many cases, like with Google, it is up to the company to decide what to do with the data, even if it is healthcare-related. While DOT Security applauds Google’s stated commitment to privacy and safety, it is worth considering the extent to which you are willing to trust your private information to the goodwill of a major corporation.

Ensuring the Protection of Data Collected by Wearable Devices

Like any data collected from your customers or employees, data from wearable devices, health-related or not, must be protected from cybercriminals. This means using cybersecurity techniques like encryption and decryption, access control, secure cloud storage, and more to avoid costly breaches.

Without these security measures in place, businesses risk becoming subject to the costs of stolen data, like reputational harm, fines, and other personal or business-related costs of a breach.

Learn more about what you can do to secure your company and customer data in this blog: What is Data Security and Why is it Important?