Machines talking to machines.  Once the province of science fiction, the Internet of Things is set to transform industries as visionaries incorporate its wide reach into everyday objects. On a very simple level, the Internet of Things (IoT) describes the freeing of communication from the domain of computers and smart phones by allowing all types of devices to share information across the internet.  ‘Things’ like cars, fridges, health monitors, water meters and so much more can be empowered to create, send and receive data over the Internet reaping benefits in a variety of areas such as monitoring, automation, analytics, and marketing.

As noted by Forbes, “anything that can be connected, will be connected.” It seems that almost anything with a sensor can be wired up to transfer or receive information.  The implications for the expansion of information assets and improvement in device control cannot be overstated.   Device to device communication is not new. Inventory management systems, time card swipes, and global positioning systems are examples of items that utilized telemetry and other kinds of networking to transmit data. The revolution of the IoT is that the medium of transfer (the Internet) is innovative and the volume, scope, and scale of the devices that are projected to take advantage of it is unprecedented.  The IoT has been fueled by expanded access to the internet, improved wireless technology, implementation of Big Data analytics, and the extension of internet addressing protocols.

This new technology and expanded standards have opened the floodgates for an estimated 20 to 200 billion new devices connecting to the internet by 2020. Expanding beyond digital consumer devices, the Industrial Internet of Things (IIoT) has enormous potential to connect the physical world including machines and factories that are responsible for over 75% of the world’s GDP.   As the imagination stretches thinking of all the possible uses of the IoT and IIoT, one very practical consideration comes to the forefront.  The IoT creates information, and this information must be managed. Even corporations that have strong, well implemented information governance strategies will find themselves challenged by the volume and reach of Internet connected devices.

Read our recent blog article, “How IT can take the lead in Information Governance projects

Challenges for Governance

If your organization is dipping its toes into Internet enabled devices or has jumped full force onto the IoT bandwagon, it is essential to consider the challenges in managing and protecting information aggregated by these new technologies.  Issues that crop up with typical Information Governance (IG) strategies are exponentially magnified with the volume and limitless endpoints that define the Internet of Things. Each area of IG that will be effected and must be considered are:

  • Retention
  • Deletion
  • Storage
  • Disposal
  • Security
  • Privacy

The sheer volume of information from Internet enabled devices is enough to bog down even the most robust systems.  The ‘keep everything’ approach cannot work with the oceans of data generated by internet enabled devices.  Everything from data maps to back-up procedures is impacted. Deciding what to keep and what to eliminate is critical.  Data of sufficient importance must be protected while records of low value must be disposed of intelligently.  Automated classification can help sift essential data from the chaff.  Additionally, policy and procedures should regularly eliminate redundant, outdated or trivial (ROT) records.  Because the amount of data is so much greater from IoT sources, defensible deletion becomes a governance priority.

The variety of data that can be gathered with IoT devices is astonishing, but it comes with the critical responsibility to protect and secure that information.  Privacy is a key consideration that is especially important in highly regulated industries, like finance and health care.  Although data protection laws vary by industry, this is a highly visible area of the IoT for everyone.  The expanded reach into control, customization and personalization of information opens up companies to far worse liability than today’s already newsworthy lapses. Tied directly to privacy is security and data loss prevention.  Good IG strategy stresses the importance of being proactive in establishing a balance between efficient flow of information and the protection of sensitive data.  The stakes are even higher with the IoT.   Data breaches of employee records or PCI can cause PR nightmares, so imagine what might happen if hackers could take control of internet enabled machines!  To prevent such occurrences, investigating and implementing new security frameworks should be top of the list for both data in transit and data at rest.

If your company deploys internet connected devices, the information gathered will likely become discoverable in the event of litigation and compliance inquiries.  Collection of IoT data is very challenging. The stronger your information governance framework, the more effective the eDiscovery efforts.  Putting a plan together well in advance of litigation helps ensure the preservation of relevant data and avoid inadvertent spoliation.  Some eDiscovery topics for the IoT include:

  • Who is responsible for the IoT device, data, and who has rights over it? The identification of business units and key personnel will be essential to help draw up policy and provide understanding for legal teams as discovery moves forward. Data used by one portion of the company should be understood by other portions.
  • Where is the data? Traditional data maps don’t work with so many sources so new identification methodology might be needed.  Tracing custodians may be very difficult without expert knowledge.
  • What is the data format? How can it be made usable? The data may be formless – without context individual bits of information may have no meaning.  Communication becomes essential to parse meaning from raw data and pull relevant detail from the chaos of available information. Without framing the data, it cannot be reviewed effectively.

How can the data be collected? As noted in an ACEDs panel discussion, pre-discovery and efficient organization of data is key to keeping costs in check and informing discussions on proportionality and reasonably accessible data. Prioritization of efforts should focus on areas where the most important information resides.

Information governance should be included from the start of an IoT deployment.  Managing risk is essential.  Devices should be designed with privacy and security in mind.  Stakeholders, legal, product management, and engineering should all understand the ramifications of sensitive data while keeping in mind down-stream systems ability to handle volume, analytical needs, and eDiscovery implications.

With the Internet of Things, science fiction has become reality and the future is here. Whether the IoT is on the horizon or knocking on the door, it is important to think about the implications of your information governance strategy sooner rather than later.