This post was written by Frederick Lah and Khurram N. Gore.
Seemingly every day, new types of wearable devices are popping up on the market. Google Glass, Samsung’s Gear, Fitbit (a fitness and activity tracker), Pulse (a fitness tracker that measures heart rate and blood oxygen), and Narrative (a wearable, automatic camera) are just a few of the more popular “wearables” currently on the market, not to mention Apple’s “iWatch,” rumored to be released later this year. In addition, medical devices are becoming increasingly advanced in their ability to collect and track patient behavior.
As wearables become more sophisticated and prevalent, they’re beginning to attract the attention of senators and regulators. Earlier this week, U.S. Senator Chuck Schumer (D-N.Y.) issued a press release calling on the Federal Trade Commission (“FTC”) to push fitness device and app companies to provide users with a clear opportunity to “opt-out” before any personal health data is provided to third parties. Schumer’s concern is that the data collected through the devices and apps – which may include sensitive and private health information – may be potentially sold to third parties, such as employers, insurance providers, and other companies, without the users’ knowledge or consent. Schumer called this possibility a “privacy nightmare,” given that these fitness trackers gather a wide range of health information, such as medical conditions, sleep patterns, calories burned, GPS locations, blood pressure, weight, and more. This press release comes on the heels of an FTC workshop held in May that analyzed how some health and fitness apps and devices may be collecting and transmitting health data to third parties.
Schumer’s comments were of particular interest to us. We’ve been beta-testing Google Glass for the past several months as we try to get a better understanding of the types of data privacy and security risks that wearables pose in the corporate environment. As the devices continue to gain popularity, we expect regulators, legislators, and companies to start paying closer attention to the data security and privacy risks associated with their use.