August 6, 2019 Return to overview

Data Ownership & Your IoT Platform

You Own Your IoT, But Who Owns the Data?


You Own Your IoT But Who Owns the Data

You’re fully invested in the IoT. From controlling factories to monitoring site access, you feel right at home when you’re tying data streams to KPIs. Sadly, good data ownership policies aren’t quite as easy to master.

Your company owns the hardware and software solutions that power its connected computing projects. Naturally, you might believe you own the data too, but never take this for granted. Careless stewardship practices could expose your enterprise fantasies to dream-shattering liabilities.

Ownership in Distributed Computing

Digital asset ownership shares parallels with other forms of legal property possession. Two noteworthy examples are the legal rights and practical powers associated with possessing data.

Think about what happens when your company creates a public-facing marketing website. As the owner of the domain name and server, you can control the data’s presentation, such as by posting or removing content. As the creator, you’re also entitled to any economic proceeds derived from the site. In short, you satisfy both the control and legal rights criteria.

A legitimate visitor to your site, on the other hand, can’t change the main banner or trademark your blog content. Even though they can retain copies of your site — and the data streams that feed it — in their browser, they don’t own the source.

Think Tracking Intangible Data Sounds Easy?

Establishing ownership of physical items is relatively easy. If your labeled lunch bag goes missing from the office fridge, for instance, you can usually straighten things out in short order. While there’s no accounting for devious coworkers who prefer your cooking to their own, mixups aren’t the end of the world.

Contrast this low-fuss lunchtime solution with the complexities of data stewardship. Determining who’s responsible for a file or database is much tougher than assigning an owner to more substantial assets. It’s almost as if everyone brought identical paper lunch bags and threw them in the fridge without labeling them.

Unlike whatever’s lurking in your coworkers’ midday meals, raw data is homogeneous and hard to decipher. To an ordinary human trying to impose order on a messy IoT architecture, a hex dump or a massive JSON configuration file might look like Greek, making it difficult to decide who should be in charge of the contents.

You won’t always have the leeway to examine files to determine their provenance either. As anyone who runs a medical enterprise knows, patient information and other sensitive data need to stay private throughout their lifecycles. This makes it harder to correct resource allocation mishaps after they occur — so perhaps you should invest in preventative measures.

Taking Charge of Information Ownership

Effective IT asset ownership incorporates a number of essential elements:

Possession and Control

Is the party that possesses information always the one that owns it? It depends. For instance, maybe you provide IoT software as a service and routinely handle or process third-party information instead of generating your own. You can’t simply assume that your clients will be OK with you exposing such information to other entities or so-called trusted parties, such as IT consultants.

These kinds of situations are common, and they beget interesting implications. For one thing, the verbal contracts and informal understandings that work for smaller projects and one-off IT partnerships no longer suffice. Instead, any company that wants to retain full command over its data must fashion the control lines from tougher stuff — service agreements.

Good service agreements help you clarify the trickiest aspects of data sharing. They delineate exactly who should take responsibility for stewardship under specific circumstances, describe standard operating procedures and emergency response practices, and promote intellectual property rights. They also let your clients or users know what they can expect from your IoT solutions.

Legal Precedents and User-Generated Content

Although you can’t always control what someone else does with the data in their care, you can easily fall afoul of the law for choosing risky stewards. For instance, imagine it’s widely known that a particular company has suffered a lot of security breaches. You shouldn’t expect any courtroom sympathy when you get sued after that vendor loses your consumers’ data.

Without getting too deeply involved in the legalese, the key concepts to consider here are those of negligence and due diligence. When deciding whether it’s a good idea to enact a new data-handling regime, ask yourself:

• Would someone knowledgeable in your industry reasonably adhere to certain data-safety precautions or professionally accepted best practices?

• What do laws like the EU’s GDPR or the US’s HIPAA say about your responsibilities as a data steward?

• Do you have the necessary compliance frameworks in place to help you prove beyond a doubt that you took every possible action to safeguard your information?

• Could a wronged consumer reasonably argue that you had knowledge of ownership-related vulnerabilities yet failed to act?

Although data privacy laws vary, one common thread is that most nations are moving towards and end-user-centric model. Instead of solely protecting corporate interests, lawmakers are working to safeguard consumers.

Ownership Within the Context of the IoT

Ownership is critically important in the IoT arena. Your network may not be globe-spanning quite yet, but it still represents a stunning diversity of parts that make stewardship all the more vital.

IoT implementations aren’t isolated islands. The IoT links to the cloud to share data, stay current and appease your cravings for mobile performance feedback. These potential security vulnerabilities suggest that maintaining firm ownership could ultimately determine whether you end up in the news for all the wrong reasons.

Even if your data always stays in-house, you’ve opened your doors to third-party APIs, libraries and hardware components. These necessities of using an IoT platform might mean that your handle on the reins is looser than you presumed, but fear not. It’s not too late to divert your data ownership strategy from a ruinous path.

Rethink your IoT use cases to incorporate better ownership practices, and don’t forget about overhauling the underlying frameworks if needed. Positive data control should be a part of your IT culture at all levels. When it comes to your connected infrastructures, the Davra IoT Platform is the logical place to start making changes that ought to be uniform.

Author

Brian McGlynn, Davra, COO

Connect on Linkedin

Stay connected

Davra IoT Platform

Real IoT Solutions in 5 to 7 Weeks

REQUEST A DEMO