tiero - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What data governance challenges are created by wearable technology?

As wearable technology becomes increasingly popular, businesses could face even more information governance and data security challenges.

Recent statistics have touted the increased popularity of wearable technology as consumers continue to strive for even more connectivity in their everyday lives. As the trend continues, businesses will soon no doubt have to consider wearable technology as yet another potential source of data breach vulnerability.

In this Ask the Expert, Scott Christensen, director of technology at Edwards Wildman Palmer, LLP, discusses the information governance challenges created by wearable technology, including how it could influence companies' compliance and data security processes.

What information governance challenges are created by wearable technology?

A cell phone can record video or take pictures. Wearable technology can do that, but it's not going to be as evident as doing it when walking around with a camera or cell phone. It's pretty important to prepare for that and inform our employees about what is appropriate or not.

Not a week goes by that we are not reading about a major data breach. Gartner predicts that by 2017, one third of Fortune 100 companies will experience an information crisis because of their inability to effectively value, govern and trust their enterprise information. The reality is that governments and other regulatory agencies are clamping down and putting more teeth into audits and privacy awareness. It's a good thing, but it's turning into the 'heavy hammer of compliance.' For instance, I work for a law firm. Law firms do work for hospitals, so now we have to comply with HIPAA laws. We do work with financial service companies and large banks. Regulators are putting a compliance hammer down on them, so they are putting a hammer down on us.

It's a compliance world, and law firms and other organizations are scrambling to put in data loss prevention, or DLP, solutions. The idea is not so much keeping hackers out, but also about how you keep information from leaving. Our own people are our weakest link. For example, say I'm working on a document for a client, or I'm working on something confidential for a healthcare organization. I email that home to my email account to work on it there instead of using what might be considered a more acceptable governance practice. That's a problem. That's part of security awareness training, but it's also putting in technology that will keep the crown jewel-type information from leaving the organization.

Data loss prevention is sophisticated software that says you can't email that file because it has social security numbers or healthcare information in it. We're all putting in DLP technology that adds to security awareness training, but are we putting in the DLP technology to cover things like wearable technology? It's one thing to say I'm going to keep certain data from Dropbox or from being emailed or being put on a thumb drive. What if my wearable device can collect some of the same information, and it's going to go to a section of the cloud that my employer doesn't even know about? That becomes a governance issue too. Wearable technology brings up a lot of the same risk concerns that we have today, it's just they are proving to be a new source of possible leaks.

As told to Ben Cole, site editor.

Next Steps

Mobile management tools to alleviate BYOD challenges

Information classification helps thwart 'dark data' risk

Addressing governance challenges brought on by limited mobile data security plans

Dig Deeper on Information technology governance

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What do you think are the biggest information governance challenges created by wearable technology?
I think the biggest challenge is user awareness - wearables will be collecting and creating a lot of information without much action on the user's part, so it'll be important to keep tabs on what that data is and how it is stored. 
Security, costs, and privacy, in that order. Many of today's newer devices come equipped with cameras that are useful for perfectly legitimate functions - but hacking into those devices could provide someone an excellent look at company secrets. Cost control is another major issue - it won't be as bad if these devices replace current technology, since prices will probably be the same, but it's still a problem for startups. Finally, some people just aren't comfortable with wearable technology, and we have to take that into account. 
Yes companies will definitely have to start incorporating wearables into their BYOD and data security policies - the problem is there will likely be a huge learning curve before companies realize exactly what the risks are. In addition to the security, costs and user awareness obstacles mentioned, privacy will also have to be considered -- which could in turn increase costs and decrease security. And unfortunately there will probably be a big high profile breach of a wearable device before companies start paying attention.
Ben is close to the biggest issue. I think it's similar to his point - it's essentially DISCLOSURE. When a journalist or photographer is walking around with their devices, be they DSLRs or audio recorders or even notebook and paper, there is a visual awareness that people have about those devices. If we're to start to implement body cameras in smaller and smaller form factors, we're then in the spy business. Pens with cameras look like pens. Cameras that take photos and audio at intervals actually look like fashion pins or other wearable clothing accessories, not cameras. In fact, the Narrative device looks like a little white or black square. The camera hole isn't that noticeable and nobody who isn't looking for it will understand what it's doing. I think we'll all look on public safety personnel for cameras/wearables, but not on people who are just walking down the street. It's scary.
Information collection and sharing seem to be the biggest governance issues - leading to privacy failures. All of this WITHOUT the knowledge of the user of the wearable - could be extremely risky.
A very risky world ahead. It's fine when my shirt monitors my heartbeat, but quite another thing when my buttons snap pictures and my boss monitors my keystrokes. And then there's security, both mine and my employers, when information can be accessed with no apparent intervention. Yes, of course we can already monitor and track and photograph surreptitiously. But the advent of wearables just make that easier and more pervasive.
Smita hits it too. Without people being aware of what a wearable device IS and what it DOES, you can't have a fully aware population in your business sector. This is going to continue to be a moving target as companies try to see how wearables might help them or hurt them moving forward.
It will be important for companies to try to stay ahead of the wearable trend as these types of devices continue to gain popularity. Companies should try to keep wearables' use for corporate data generation/storage under strict policy before it becomes a problem. However as mentioned before the technology will move fast and companies will have to expend resources to stay up to date with all the potential security and privacy risk coming from employees using wearable devices to do their job.
Wearables are indeed giving nightmares to CIOs - but all kind of devices should be doing this. However, whats unique about wearables is that there are so many wearables in the market - which - 1. We do not know what information they seek and share. 2. They get access to places where phones and cameras are not allowed - tougher to restrict.