31 May 3 Devices You Wouldn’t Think Contain Personal Data (But Do)
We all know by now that our computers, laptops, servers and mobile phones all contain personal data. Heck, it’s part of the reasons we love them so much – having everything linked together is very convenient for the types of lives we lead. And because we know the risks involved with holding that data on those devices, we take steps to make sure that data is protected properly. But what about the data we aren’t so aware of? Stored away on devices we wouldn’t necessarily think to protect as thoroughly? That’s what we want to highlight for you today. So, here are 3 devices that you might not think retain any data, but in reality, they do.
You might not think much data can be held in a smartwatch, and even if it did hold data, most of it wouldn’t be identifiable unless you knew the person who was wearing it. After all, a heartbeat is a heartbeat, right? Well, that’s where you’re wrong. Smart devices hold an enormous amount of data on the wearer, from their running routes to how often they are away from home, when they need to take medication and even what time they go to sleep. And they’re not exactly the most secure devices out there. In fact, a team of researchers in Illinois were able to compromise a Samsung Gear Live smartwatch so that it told them the individual keystrokes a person hit on a keyboard based on their hand movements, using nothing but an app they installed by stealth. You can read more about that experiment (and more) here. The point being that, if you use smartwatches, or give your employees such devices as part of an incentive, you need to treat them as a security risk and a potential weak spot for data leaks.
A lot of businesses are using smart TVs as a way to display data, videos and general materials in meeting rooms. They have become the modern equivalent of the overhead projector, and there are a lot of positives to being able to hook into the display technology you need so easily. But smart TVs don’t have a good reputation when it comes to security. They are hooked up to the internet, but they don’t have the necessary computing power to support a lot of the protections that need to go along with that. So if your business is actively using the internet on a smart TV for any reason, you need to make sure you’re keeping it protected. Through that internet connection (that’s so convenient), cameras can be turned on and off, social apps can be taken over, and files on your network can be accessed, modified or deleted. That includes all of the personal data you store as a business, so it needs to be considered a risk point from a GDPR perspective, if nothing else.
Sensors are becoming a pretty big thing in the retail world. By installing a range of sensors within retail shops, the retailer can determine where a shopper spends the majority of their time, where they paused to look at a promotional display, where they didn’t go and how long they spent in each area of the shop. All of that data is as valuable as gold dust to retailers – but it presents some problems. For example, GDPR considers the image of someone’s face a ‘personal identifiable feature’ (as you would hope), which means the business needs consent to hold the image. If the data from those sensors isn’t being anonymised at source (which not all of it is), then those sensors are holding personal information on customers.
At Charterhouse Müller, we help businesses dispose of their IT equipment securely and safely, without any risk of data loss, theft or leaks. We handle the entire secure IT recycling process for you, from collection to destruction, so you can rest easy knowing it’s all in safe hands, and you’re minimising risk whilst disposing of your redundant IT equipment To find out more, just get in touch with us today.