Smart Devices: Convenient, Helpful, Fun, and oh yeah, Potentially Breaching Confidentiality – Lexology

Whether you are an attorney advising clients, a medical professional treating patients via telemedicine, or anyone else working remotely, your second workplace or office might be providing more than just convenience. If you have a smart home device, such as one of the many varieties now available from companies like Google (Home/Nest), Amazon (Alexa), Microsoft (Cortana), or Apple (Siri), your remote work discussions (and conversations in general) may be less private than you realize. While convenient and sometimes helpful, these devices might be creating a record of more than your favorite songs and compromising your patient’s, client’s, or company’s confidential information.

First, it is important to note that these devices are always passively listening to their environment in order to respond to their “wake” word, i.e. “Alexa” for Amazon’s Echo device. Further, these devices can and do activate inadvertently as they “hear” sounds that are similar to their designated wake words or when their wake words occur in songs or television shows (South Park famously pranked millions of users in 2017 when characters on the show addressed their own devices, thereby activating their real-world counterparts).

Second, when these devices are activated, whether intentionally or by accident, a recording is made and stored by the device maker of everything the device “heard” while active. These recordings can be tied to names, account numbers, and even precise location data depending on each device’s configuration and manufacturer. Not only are these recordings stored outside of your custody, they can be:

  • reviewed by employees or contractors of each device maker;
  • subjected to subpoenas or court orders and used in legal proceedings (recordings and other user-generated information from Zoom or Microsoft Teams can also be discoverable);
  • accidentally sent to other users or contacts;
  • used to send you targeted ads; and
  • vulnerable to cyberattacks on company servers.

So what to do?

  1. Do I really need this device in here? Decide if you really need that smart device in your home office space. Or, could you live with it being moved to your kitchen or shut off entirely?
  2. Exercise choice and control. If you do choose to keep your smart device around areas in which you wouldn’t like recordings made, you can adjust the privacy settings for each account associated with your smart devices to prevent recording, as well as review and delete recordings

Below are links to instructions on how to access these privacy controls:

At a minimum, all businesses should educate employees on the risks posed by smart home devices and update any work from home policies to ensure that the devices present in remote work settings are not inadvertently compromising company or client data.

Source: https://www.lexology.com/library/detail.aspx?g=be12fea4-7b58-4595-a5e2-cc6df4823922

Tags:

Leave a Comment

Your email address will not be published. Required fields are marked *