When it was revealed that Cambridge Analytica gained inappropriate access to personally identifiable information of tens of millions of Facebook users, it brought the conversation of data privacy to the forefront in the United States at a time when the amount of data being collected and processed it set to explode.
An IDC report last year predicted worldwide data will grow tenfold to 163 zettabytes by 2025 -- and part of what will drive that growth is the Internet of Things, the broad set of internet-connected devices, including cameras, microphones and other sensors that are designed in some cases to collect human data.
With the number of connected devices expected to reach more than 20 million by 2020, according to a 2017 Gartner report, concerns over data privacy are rising. An Economist Intelligence Unit survey from earlier this year showed that most consumers want control over what personal information is automatically collected by IoT devices, with 74 percent of the 1,600 respondents saying they fear small privacy invasions could lead to a loss of civil rights.
Meanwhile, IoT security spending is expected to reach $1.5 billion this year, according to another Gartner report. And yet a 2018 survey of more than 100 IoT executives found that nearly 37 percent of respondents aren't confident "their organization could secure and protect all data within their IoT ecosystem."
To Maciej Kranz, vice president of Cisco's strategic innovation group, the increased security and privacy risks mean there needs to be a shared responsibility among software vendors, device manufacturers and businesses.
"It does take a village," he said.
Kranz said events such as the Cambridge Analytica scandal, in which the firm misused a massive trove of Facebook user data for political purposes, creates an opportunity for companies "to dramatically simplify and establish transparency about data."
"[If] the value proposition for me as an individual or me as a business is very clear, then I can make a decision whether I want you to use my data or not," he said.
"That's why I think we as an industry have failed because we made it so difficult to understand what the data is going to be used for. And I think it's an opportunity for us to come clean and be transparent," Maciej added. He said this will "lead to much healthier and much more transparent business models."
For Mike Marcellin, CMO of Juniper Networks, events like the Cambridge Analytica scandal and the passing of the European Union's General Data Protection Regulation will lead to a "societal calibration on what we believe is personal data, what should be shared, on what terms it should be shared."
"I suspect at some point there will be a GDPR-like thing that hits the U.S. If you go to China, the attitudes are very different about willingness to be surveilled and just all that. That tells me there is no right or wrong per se, but it does say that you got to do right by your customers and your users," he said.
As for whether there could be an IoT-related privacy breach on the same magnitude as Cambridge Analytica, executives at Avnet, Cambium and Comtech believe there could be.
"I think anything is possible. I think there's some very intelligent people who don't have good things on their mind all the time," said Lou Lutostanski, vice president of IoT at Avnet.
Brian Salisbury, former vice president of product management at Comtech, was careful to point out that not all IoT devices raise privacy issues, such as those that collect various kinds of non-human data.
"It totally comes down to what kinds of devices are going to be deployed in the greatest volume," he said.
Bruce Collins, director of product management at Cambium, said "the risk is there" with networks currently out there that are vulnerable to data privacy and security breaches.
"The challenge that we keep hearing about from our customers is that they're aware of that vulnerability and threat. it's sometimes difficult to turn that into action," he said, because of budgetary limits.
But the issue isn't just about protecting against cyberattacks. Businesses will also have to decide how much data they should collect and how much of that data is stored, Collins said.
"I think people need to be more careful about it, and that's probably an outcome of the Cambridge [Analytica scandal]," he said.