tiero - Fotolia
Recent statistics have touted the increased popularity of wearable technology as consumers continue to strive for even more connectivity in their everyday lives. As the trend continues, businesses will soon no doubt have to consider wearable technology as yet another potential source of data breach vulnerability.
In this Ask the Expert, Scott Christensen, director of technology at Edwards Wildman Palmer, LLP, discusses the information governance challenges created by wearable technology, including how it could influence companies' compliance and data security processes.
What information governance challenges are created by wearable technology?
A cell phone can record video or take pictures. Wearable technology can do that, but it's not going to be as evident as doing it when walking around with a camera or cell phone. It's pretty important to prepare for that and inform our employees about what is appropriate or not.
Not a week goes by that we are not reading about a major data breach. Gartner predicts that by 2017, one third of Fortune 100 companies will experience an information crisis because of their inability to effectively value, govern and trust their enterprise information. The reality is that governments and other regulatory agencies are clamping down and putting more teeth into audits and privacy awareness. It's a good thing, but it's turning into the 'heavy hammer of compliance.' For instance, I work for a law firm. Law firms do work for hospitals, so now we have to comply with HIPAA laws. We do work with financial service companies and large banks. Regulators are putting a compliance hammer down on them, so they are putting a hammer down on us.
It's a compliance world, and law firms and other organizations are scrambling to put in data loss prevention, or DLP, solutions. The idea is not so much keeping hackers out, but also about how you keep information from leaving. Our own people are our weakest link. For example, say I'm working on a document for a client, or I'm working on something confidential for a healthcare organization. I email that home to my email account to work on it there instead of using what might be considered a more acceptable governance practice. That's a problem. That's part of security awareness training, but it's also putting in technology that will keep the crown jewel-type information from leaving the organization.
Data loss prevention is sophisticated software that says you can't email that file because it has social security numbers or healthcare information in it. We're all putting in DLP technology that adds to security awareness training, but are we putting in the DLP technology to cover things like wearable technology? It's one thing to say I'm going to keep certain data from Dropbox or from being emailed or being put on a thumb drive. What if my wearable device can collect some of the same information, and it's going to go to a section of the cloud that my employer doesn't even know about? That becomes a governance issue too. Wearable technology brings up a lot of the same risk concerns that we have today, it's just they are proving to be a new source of possible leaks.
As told to Ben Cole, site editor.
Mobile management tools to alleviate BYOD challenges
Information classification helps thwart 'dark data' risk
Addressing governance challenges brought on by limited mobile data security plans
Dig Deeper on Information technology governance
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.