The Future of Online Privacy and Personal Data Protection in Africa

African experts are gathered for two days (19-20 February 2018) in Addis Ababa, Ethiopia to contribute to the development of the African Privacy and Personal Data Protection Guidelines. The meeting, facilitated by the African Union Commission (AUC) and supported by Internet Society, explored the future of privacy and data protection and provided some practical suggestions that African states can consider in implementing the Malabo convention provisions related to online privacy. The guidelines are aimed at empowering citizens, as well as establishing legal certainty for stakeholders through clear and uniform personal data protection rules for the region.

The expert meeting comes amidst growing concern across the world on the need to prepare for the EU General Data Protection Regulation (GDPR), which will be enforced on 25 May 2018. The expert meeting is rather focused on creating general principles for African member states in developing good practices now and in the future. The project, a partnership of the AUC and the Internet Society, comes as a follow up to the recommendations of the Africa Infrastructure Security Guidelines, developed in 2017 to assist speed up their adoption and subsequent ratification of the Malabo Convention.

Both the Heads of States Summit in January 2018 and Specialized Technical Committee Ministerial meeting endorsed the development of these guidelines as a way to strengthen the capacity of African states to deal with emerging issues in the digital space.

The African privacy and data protection landscape is still nascent with only 16 of the 55 countries having adopted comprehensive privacy laws regulating the collection and use of personal information (C Fichet, 2015). The African Union Convention on Cyber Security and Personal Data Protection  is considered an important first step aimed at creating a uniform system of data processing and determining a common set of rules to govern cross-border transfer of personal data at the continental (African) level to avoid divergent regulatory approaches between the Member States of the African Union. Now that a continental framework is in place, there is a need for more detailed best practice guidelines on personal data protection to assist countries in the process of domesticating the Malabo Convention into the national laws.

The post The Future of Online Privacy and Personal Data Protection in Africa appeared first on Internet Society.

Internet Society

IoT: The Solution To Improved Government Social Protection

Part of the government’s role is to provide social protection for factors that make people vulnerable. For example, people face unemployment, health problems, and other factors that create physical, economic, and other problems in their lives. Government regulations work to reduce risks that make people vulnerable. When people face problems, public-sector social programs such as health insurance, social welfare, and others provide help.

Here’s how the Internet of Things (IoT) could help government agencies manage social protection programs more easily and effectively.

IoT’s potential for improving social protection

IoT technology can provide benefits for both government agencies and the people they serve. The public sector can use IoT to gather and process data with the goal of running its agencies better and improving services. IoT technology provides solutions to help the public sector work in a more streamlined manner. It can reduce public risks and improve access to social programs.

IoT enables government agencies to perform services better within a tighter budget. Since the cost of IoT technology has gone down and it helps create more efficient systems, it could stretch budgets farther to reduce the burden on agencies and offer more services to the public. IoT technology can also provide better solutions to keep up with risks associated with a changing world.

Directly impacting people’s lives

IoT-enabled networks can help identify risks, reduce vulnerabilities, and manage problems. They can connect “things” such as smart homes and devices with services that help individuals.

The IDC white paper, The IoT Imperative in Public Services: Government and Healthcare, offers the example of wheelchairs, wearable devices, and/or smart homes that assess the health and welfare of elderly and disabled people. Through IoT, connected “things” alert medical personnel when a person needs medical care. IoT can also connect home-bound people with a social support system, reducing vulnerabilities such as experiencing a medical emergency when alone. For example, if a person was unable to push a button because she became unconscious, the IoT device would alert emergency services.

This technology extends beyond houses into the communities where people live and work. Government agencies could use IoT to remotely monitor traffic lights, air quality, sound levels, and other factors that affect people’s lives on a day-to-day basis, managing these factors to improve overall quality of life and cut down on problems. For example, IoT could keep a traffic light green when it would benefit traffic patterns and fuel economy. This technology could also help government agencies keep track of assets such as buildings and roadways.

Challenges to using IoT in the public sector

While IoT shows a lot of promise for public sector applications, it is still used less broadly than in the business sector. Government agencies are commonly known to be slow to change. In addition, barriers such as restrictive regulations and legacy systems can hold back new technology.  The Brookings Institution studied strategic plans of federal agencies in the United States and found that none of these agencies included IoT within their annual strategic plan.

In their article in Deloitte University Press, authors Max Meyers, Claire Niech, and William D. Eggers warn, “if public sector organizations do not start analyzing the implications of the IoT today, they risk being left behind, making it more difficult to effectively regulate or efficiently deliver services in this shifting reality.” IoT could help governmental agency better handle the problems they already face and create solutions that improve the lives of citizens, who increasingly expect government agencies to keep up with the changing technologies used in the business world.

Government agencies are tasked with helping reduce the risks people face and providing programs for people struggling with social challenges. IoT technologies provide solutions that can help government agencies better serve its citizens.

Learn how to bring new technologies and services together to power digital transformation: Download The IoT Imperative in Public Services: Government and Healthcare.


Internet of Things – Digitalist Magazine

Federal Trade Commission: Consumer Protection – Your questions answered

In a recent report, the Federal Trade Commission noted that the IoT can provide enormous benefits for consumers yet at the same time, in its education, policy, and enforcement work, the FTC stressed the importance of taking reasonable steps to safeguard privacy and security when it comes to such devices. Kathleen Benway, Chief of Staff – Bureau of Consumer Protection at the Federal Trade Commission will be taking your questions on consumer protection at the IoT Tech Expo North America on November 30 in Santa Clara, CA. Keep reading to see how you can get involved..

The Federal Trade Commission is a law enforcement agency which looks into the privacy and security promises made by companies in order to ensure that these are kept. IoT devices are the accumulators of a robust amount of data, and the protection of this data is paramount. So how can you be sure that this is being protected?

Kathleen Benway, Chief of Staff – Bureau of Consumer Protection at the Federal Trade Commission will be taking your questions on consumer protection at the IoT Tech Expo North America on November 30 in Santa Clara, CA.

The Q&A session will allow you to ask just that, in addition to dealing with the importance of building security into any device during the development stage, rather than retrospectively. Kathleen, who will be answering your questions, works closely with the Bureau of Consumer Protection (BCP) Director and Deputy Directors on case recommendations, project development and Bureau policy. She represents the Bureau in interactions with Commissioners’ Offices and co-ordinates with the Office of Congressional Relations to respond to Congressional inquiries, correspondence and requests for testimony.

To have your consumer protection questions answered, you can tweet your question with the hashtag #iottechexpo, or email info@iottechexpo.com with the subject: Consumer Protection Q&A.

Guided by Gerard van der Hoeven, Founding Partners at IoT Gurus, your questions will be answered during the Q&A session on the open conference track; Developing for the IoT on November 30 at 2:30pm. Simply register for a Free Expo Pass to gain access to the open conference tracks and more.

The post Federal Trade Commission: Consumer Protection – Your questions answered appeared first on IoT Tech Expo.

IoT Tech Expo

Are there acceptable levels of cyber-security protection in connected cars?

Cyber-security protection is becoming an evermore urgent priority for integrating electronics technology into our lives, but the level of protection attained is a moving target.  As one vulnerability is found and closed, others are detected.  The National Institute of Standards and Technology (NIST) has established a framework that recommends an acceptable level of protection that can be used as a guide.  So how might the automotive and mobility industries, focusing on large-scale adoption of connected vehicles and determine where that minimum standard is set?

The Society of Automotive Engineers (SAE) hosted a panel focused on just that at their Connect2Car Executive Leadership Forum in Silicon Valley in June 2017. IBM’s Giuseppe Serio, Solution Leader for Automotive Cyber Security was part of the panel.

Giuseppe Serio talks about auto security at SAE event

Giuseppe Serio talks about cyber-security in autos at SAE event

Cars are becoming data centers on wheels

Cars have transformed in the last 20+ years from a largely mechanical device focused exclusively on transportation, to a mostly software and electronics-driven data center on wheels.  A typical vehicle today may contain 15-20 Electronic Control Units (ECU), while a premium luxury vehicle might have more than a hundred.  While there may be some ECU consolidation in the future, it is expected to be gradual.  As we move into Advanced Driver Assistance (ADAS) and autonomous driving, the potential for threats is magnified further.

Beyond the complexity of individual vehicles, comes the interconnection of all vehicles on the roads, with a developing smarter traffic infrastructure that further complicates the landscape. Cars are now commonly endpoints as a logical extension of the Internet of Things. The vehicle attack surface is broad and only some of it is owned and controlled by the companies who built and sold the car. Third party services such as satellite radio, telecommunications services and other connection points may be outside automakers’ direct control.

Cars also routinely collect vast amounts of data. Some cities already capture information through Bluetooth recorders to better understand traffic patterns. Data is anonymized and aggregated, but vehicles are already broadly transmitting information that cities are collecting, utilizing and opening up to its citizens.

A comprehensive threat management strategy is key

The cybersecurity world is highly dynamic and threats have been mushrooming as well. Today, there are over 600m known forms of malware in circulation. Here’s a staggering fact: 140m of those came to light just in the past year! It’s not possible to create systems that will defend against them all. A comprehensive threat management strategy is key to staying ahead of problems and to being able to respond to issues in close to real-time. There won’t be a comprehensive “hands off” system for automakers and fleet providers to rely on, there has be some manner of manual intervention at some point in most attacks.

Accelerating security infographic - click for larger version

Accelerating security infographic – click for larger version

Effective security management is also about creativity. We are often retrofitting a system that was created decades ago. Security information is spread across the entire system and should be managed as a process, not as an engineering exercise. One of the unresolved issues in automotive organizations, is where in the organization cyber-security capabilities should be contained?

The automotive industry needs a new mindset

The ability to be dynamic, to communicate and respond to issues as quickly as possible, to intervene in threats requires a mindset that automotive companies are not accustomed to. New opportunities will bring new risks. In order to develop effective security and risk models, automakers need to think outside their accustomed environment. Attackers will likely have an outside view and attack unconventionally. So a culture change is also required to adopt a security mindset.

Fortunately, the automotive industry has a collective recognition that they are all in this together. Attacks against one automaker will affect others in terms of public perception. There’s opportunity and a necessity to collaborate industry-wide on threat intelligence.

.

The impact of shorter car lifecycles

Security must be part of the DNA of the enterprise and manifest itself throughout the full lifecycle of the vehicle. Lifecycles will also be affected by the cyber-security question as we think ahead.  Today lifecycle duration is very clear, but as we start to consider connected vehicles, lifecycles may be shorter. Consider an antique ’60s muscle car or classic BMW or Mercedes. These cars are still on the roads and may be 40 or 50+ years old. They are threat-free as they’re fully mechanical vehicles. But, will today’s Tesla, loaded with electronics and connectivity still be able to be on the road in 20 or 30, much less 50 years?

Security – the newest consideration in auto purchase

In the eyes of consumers, the big pillars had been quality, safety and fuel economy. Now we have to add security as another capability that consumers will be making vehicle selections on. Fifty-six percent of consumers say security and privacy will be key differentiators in their future vehicle purchasing decisions

To start cracking this nut, we have to think about standards…or more realistically can standards even exist? Today there’s no comprehensive security standard for connected vehicles, and there likely won’t be. Things change too fast. There’s room for standards in some areas, but would be very difficult in others. Vehicles also need to be designed to be aware of their status regarding a cyber threat. Vehicles have to be able to self-heal.

Security is a combination of prevention, detection and response

In summary, security is a combination of prevention, detection and response. Automotive enterprises are mostly focused on prevention and detection, as yet, they are falling short on response.

To read more about IBM’s ideas on Automotive security solutions, please download our study Accelerating Security:  Winning the race to vehicle integrity and data privacy.

The post Are there acceptable levels of cyber-security protection in connected cars? appeared first on Internet of Things blog.

Internet of Things blog

The lone worker protection services market in Europe and North America to reach € 260 million by 2021

The lone worker protection services market in Europe and North America to reach € 260 million by 2021

According to a new research report from the analyst firm Berg Insight, the market for lone worker protection solutions and services in Europe and North America is forecasted to grow from € 121 million in 2016 at a compound annual growth rate (CAGR) of 17 percent to reach about € 260 million in 2021.

Market drivers include occupational safety regulations, increasing employee insurance costs and higher awareness of risks that lone workers can face. A growing number of countries are adopting regulations that specifically address the safety of lone workers. Notable examples include the UK, Canada, France, Germany and most recently the US. The penetration of lone worker protection services based on monitored lone worker devices and smartphone apps remains very low in Europe and North America – an estimated 2 percent at the end of 2016. Even in leading markets like the UK, the penetration of monitored services has only reached about 5 percent of the total workforce of lone workers.

A group of specialist companies offering lone worker protection services have emerged on the core markets of the UK and Canada. In the UK, major integrated providers with in-house alarm receiving centre operations include Send For Help Group, which trades under its subsidiaries SkyGuard and Guardian24, as well as the Kings III subsidiary SoloProtect. Additional companies with notable market shares in the UK include Rocksure Systems, Reliance Protect and Safe Apps. Leading specialist lone worker service providers in Canada are for example Tsunami Solutions and Blackline Safety.

Berg Insight chart: mobile workforce solutions usersLone workers rely primarily on dedicated GPS location devices featuring alarm buttons or smartphone apps to send alarms. “The app segment grew rapidly in 2016, and is currently growing faster than the device segment”, said Fredrik Stålbrand, IoT Analyst, Berg Insight.

He mentions that enforcement of legislation in Western Europe and pockets of North America is expanding, resulting in many greenfield customers adopting lone worker safety solutions, especially within the private sector.

Mr. Stålbrand concluded:

“Dedicated devices and smartphone apps are likely to coexist on the market for lone worker protection services due to the broad spectrum of risks across different jobs involving working alone.”

Download report brochure: People Monitoring and Safety Solutions

The post The lone worker protection services market in Europe and North America to reach € 260 million by 2021 appeared first on IoT Business News.

IoT Business News