
Technology is constantly advancing, and the concept of the Internet is far broader than it used to be. Nowhere is that more evident than in the Internet of Things (IoT) and the risks attached to its expansive connectivity. To provide some guidance for your business, this article explains what an IoT data breach is in New Zealand.

What Is the IoT?

The IoT refers to the network of interconnected physical devices that send information to an online wireless network that your business or others may use. You can access the IoT from the devices themselves and other devices that they are connected to remotely.

Notably, these devices can range from personal electronics to widespread infrastructure. Examples of devices that the IoT includes are:

  • fitness trackers;
  • home assistance devices;
  • smartphones;
  • laptops;
  • sensors;
  • health monitors;
  • smart televisions;
  • vehicles;
  • security systems; and
  • CCTV.

We use IoT devices across all aspects of society in areas that people may not immediately be aware of. They allow for fast transmission of information and more efficient systems that aid our everyday lives. As a result, we can gain more varied information in ways that have not been possible in the past.

IoT At Your Business

Because the IoT is so broad and varied, you will likely use IoT devices within your business. For example, for a typical business office, your work phones, company cars, presentation facilities, and staff kitchen smart appliances can all connect and send information remotely as part of the IoT.

This greater connectivity can bring great benefits to your business, making collaboration and reaching your customers easier than it has ever been. However, the IoT generates many security and privacy risks. Many businesses realise these risks exist but do not take steps to adequately protect the range of IoT devices within their activities, or do not even know the full extent of the IoT devices their business may engage with. This leaves IoT devices open for hackers to exploit.

What Is an IoT Data Breach?

A data breach occurs when an unauthorised person or party:

  • gains access to your business’ confidential information;
  • misuses, changes, deletes, or loses business data;
  • releases confidential information into an unsecured environment, such as the Internet; or
  • prevents you from accessing your business’ databases.

These examples also apply to IoT data breaches, but the scope for IoT data breaches is wider because of the range of IoT devices that can exist. For instance, a data breach that releases your customers’ personal details into the general Internet will be different from a cyber attack that gains control of your business’ smart cars.

In addition, IoT devices can quickly share very personal information as large databanks, so the consequences of such a data breach can be catastrophic.

The IoT and Your Privacy Responsibilities

Whenever you deal with personal information in New Zealand, you need to follow the Privacy Act requirements. These duties are widespread and affect how you deal with any personal data, including its:

  • collection;
  • security;
  • disclosure;
  • disposal;
  • storage; and
  • usage.

Because of the personal information that IoT devices can collect, it is crucial that you make sure you abide by the Privacy Act if you use them for your business. Customers may not be immediately aware of the kind of personal information you can collect from them through any IoT devices they use, so you need to take reasonable steps to inform them of this fact. Therefore, if you sell or develop IoT devices, it is important that you do so using appropriate documentation, such as a: 

  • terms and conditions document; and
  • privacy policy or statement. 

Additionally, you need to provide reassurances to customers about how you will protect the personal information that these devices collect.

For example, if a good or service you provide uses the location information that a fitness tracker collects, you need to tell customers that it does and how you will protect this information.

How to Avoid IoT Data Breaches

The exact security measures you take to avoid data breaches will depend on the nature of the IoT devices you engage with and will not necessarily be the same across all devices. For example, you can install security software on your laptop to protect the information it holds. However, security measures for protecting the personal information in a fitness tracker may be more difficult to implement.

Therefore, you need to be aware of what security measures are available to you and what security measures you can provide your customers. Some practical tips that can apply across devices include:

  • keeping an inventory of all devices that your business uses or engages with on its network;
  • updating firmware as required;
  • checking that relevant encryption methods are effective and up to date;
  • having strong passwords for devices where they are applicable;
  • managing the security settings on individual devices to suit your needs; and
  • educating and training all staff on what they can do to improve security and privacy when using their devices.

Notably, it may be useful to assign someone at your business the role of managing IoT security and reducing the risk of IoT data breaches.

Key Takeaways

Technology and the information it can share from your business are extensive, especially when the range of IoT devices can be so broad. This makes it all the more important that you manage IoT data breaches as best you can and lessen the privacy impacts they can bring. If you would like more information or help with IoT data breaches at your business, contact LegalVision’s data, privacy, and IT lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What does IoT mean?

IoT stands for the Internet of Things. This term refers to how different devices can connect to the Internet or a shared network, ranging from smartphones to CCTV.

What is personal information?

Personal information is any information about an identifiable individual. If you can use the information to identify a living person, then it qualifies as personal data.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
