Infosys experts share their views on how digital is significantly impacting enterprises and consumers by redefining experiences, simplifying processes and pushing collaborative innovation to new levels

« Data Lineage | Main | Graph DB - A Simpler Approach to Data »

IoT Data Protection - Privacy by Design

IOT - Internet of Things, connects physical and virtual objects, and can handle a large amount of data captures, transfers, storage. The global IOT market is expected to grow into a trillion-dollar business in the next few years. With having application in various fields, IOT has been used to connect with remote objects, collect data, process it, transfer the captured data, and store it in a database. IOT helps in getting data from places, where we cannot connect physically with a simple internet connection. Consumers can be institutions, individual researchers, or enterprises. With customers range at various levels, we must protect the data collected from the consumers and the data captured by the IOT devices. IOT devices can have various sensors and components, and it is important to protect it from every aspect. 

The smart objects, which help in decreasing human intervention on a task, need smart data protection in order to avoid incidents like Casino data leak or Orvibo data leak. Let's study these incidents in short.


Casino Data Leak:

A major data leak of high paying customer information was uploaded to a public cloud from the casino. The casino had a centrally connected IOT based temperature sensors for the aquarium.  Connecting the temperature sensor connected with the Wi-Fi, served as the entry point in breach. 


Orvibo Data Leak:

Orvibo manages the smart home IOT application in various countries. SmartMate, the database platform used for this had no password, leaving 2 million customers smart devices unprotected with around 2 billion records. 

All the above cases didn't have an efficient data protection plan, which led to the exposure of billions of private information to the public. Thus, it is necessary to plan data privacy and protection from the start.


Privacy by Design:

The concept of designing the framework by proactively including the required privacy-protective measures into the design of information technology systems, networked infrastructure, and business practices from the start helps identify the vulnerable areas.

Privacy by Design advances data protection and privacy from the start. Data privacy has become an important factor in the buying process of many consumers. Consumers today are more conscious of the importance of data protection due to high profile data breaches that have occurred in the past. Companies investing in data privacy may be able to win consumer trust more easily than companies that do not. Organizations prioritizing data protection will gain a significant competitive advantage. Below are mentioned best practices while adapting privacy by design. 

• It is important to think and implement privacy from the early stages of the development process considering the sensitive nature of personal data collected

• Collection and processing of personal data must be strictly limited to the defined purpose and personal data must not be used for any other purpose

• Avoid collecting or processing personal data that is not necessary for fulfilling the purpose of processing and limit the amount of personal data collected

• The application should allow data subjects to delete their personal data whenever they choose to do so

• Implement strong cybersecurity measures that are consistent with industry standards, as its essential for safeguarding the privacy

• Information should be provided clearly on what data processing will be done on the personal data by the application


Infosys offers Enterprise Data Privacy Suite (IEDPS), which can help in avoiding the data breach incidents and abiding with data privacy regulations. A data leak from a hacked IOT device can have adverse effects, so we must protect the data stored in IOT cloud databases. Before protecting the data present, it is necessary to identify the sensitive fields at first. Secondly, encryption to those sensitive fields should be done. Below are some key features of IEDPS

• Data Discovery

• Regular scan of the database and finding the presence of sensitive information helps in understanding what data should be protected.

• Data Protection via Masking

• Around 180+ novel algorithms are present to choose from. Sensitive data identified in the discovery are masked with suitable algorithms. 

• Data Subsetting options are provided too.

• Test Data generation, which generates realistic test data, almost comparable to genuine data for better testing

• Efficient data copying options.

Along with a well-planned privacy design for IOT, IEDPS has various ways to protect the customer data and help organizations abide by the data privacy rules. 


Written By : Rohini & Avin

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.