privacy design best practices
IoT & M2M Privacy Design Guidelines
- Have a dedicated, clear, concise, and easily identifiable privacy practices statement for all relevant devices and services sold or provided.
- Write your privacy statement in clear, layman's terms that identify which PII and personal data are relevant and which are not.
- Cover the six basic interrogatives (who, what, when, where, why, and how) for private and personal data collection and use in Privacy Terms.
- Use multimodal communications methods to inform users of practices and rights.
- Identify all PII and relevant personal data used in the system solution, and categorize by its impact level.
- Provide complete user and hardware anonymity in devices and services by using opaque random identifiers.
- Disclose the gathering, sale, and use of users' personal data.
- Disclose lawful intercept technical collection capabilities and activities in use to extent allowed by law.
- Disclose lawful intercept/use request and disclosure parameters to the extent allowed by law.
- Disclose lawful intercept target-user rights and notifications to the extent allowed by law.
- Inform the user of the IDs and data collected and transmitted from devices.
- Collect only what is reasonable and expected for technical and business purposes; do not collect what is not necessary; do not store what is not immediately necessary.
- Provide a full and complete electronic disconnect for wireless transmissions, or complete electronic decommissioning of the device's computing state.
- Disclose openly and clearly all local and remote device data collection activities.
- Disclose use of collected PII and personal data in service/partner data mining link-analytics.
- Provide clear, straightforward, and easy to locate user opt-in and opt-out mechanisms for data collection and use participation.
- Provide periodic "user opt-in" selection-state reminder and revalidation.
- Implement adequate security measures to protect personal data confidentiality relative to determined impact levels for data elements.
- Provide the user with clear, straightforward means of implementing a data wipe of device and service account personal data.
- Provide clear user notification of device communications functionality and identity mechanisms being used.
- Provide clear visual markers to identify when devices are actively collecting personal private/sensitive sensor or biometric data.
- Provide notification of device/service/third-party user marking and tracking mechanisms and activities implemented, and when used.
- Do not transmit or store personal data, or activity and location data, unencrypted from/on devices.
- Encrypt all biometric and personal private data both at rest (storage) and in motion (transmission).
- Provide secure, controlled access to stored personal data on devices and services.
- Review helpful privacy resources from NIST, such as SP 800-122, and from the Australian Government (OAIC) - http://www.oaic.gov.au/privacy/privacy-news
- Lastly, be a responsible and authentic privacy and security advocate for users of your products and services.
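The guideline on opaque random identifiers is easy to get wrong: hashing a hardware address and calling the result "anonymous" is a common mistake, because the hardware identifier space is small enough to enumerate. The following Python example is added here to illustrate that point; it is not part of the guidelines above or of any vendor's code. SAMPLE_MAC and the candidate_macs helper are constructed sample data, and the function names are hypothetical. It contrasts an unkeyed hash (linkable back to the hardware identity by enumeration) with a truly random device identifier and with a keyed pseudonym that a service can only reproduce while it holds the key.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed sample hardware identifier (not a real device): a MAC-style address.
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"


def candidate_macs(oui: str, count: int) -> Iterable[str]:
    """Constructed candidate space: addresses sharing one vendor OUI prefix,
    enumerated over the low byte of the device-specific suffix."""
    for n in range(count):
        yield f"{oui}:3c:4d:{n:02x}"


def naive_hashed_id(mac: str) -> str:
    """Unkeyed SHA-256 of the hardware address. It looks opaque, but anyone
    who can list candidate addresses can link it back to the device."""
    return hashlib.sha256(mac.encode()).hexdigest()


def recover_mac_by_enumeration(target: str, candidates: Iterable[str]) -> Optional[str]:
    """Demonstrates the weakness: try each candidate address and compare
    its unkeyed hash with the observed identifier. Returns the address on
    a match, or None when the identifier cannot be linked this way."""
    for mac in candidates:
        if naive_hashed_id(mac) == target:
            return mac
    return None


def new_opaque_device_id() -> str:
    """Random identifier with no derivation from hardware identity at all.
    The only link to the physical device is the device's own storage, so a
    factory reset or user-initiated wipe can also rotate it."""
    return secrets.token_urlsafe(16)  # 128 bits of randomness, 22 URL-safe characters


def keyed_pseudonym(hardware_id: str, service_key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256) for the case where a service must
    recognise the same device across sessions without ever receiving the
    hardware identity. Without service_key the mapping cannot be rebuilt
    by enumerating candidate addresses."""
    return hmac.new(service_key, hardware_id.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    observed = naive_hashed_id(SAMPLE_MAC)
    print("unkeyed hash recovered:", recover_mac_by_enumeration(observed, candidate_macs("00:1a:2b", 256)))
    print("random device id      :", new_opaque_device_id())
    key = secrets.token_bytes(32)  # generated per service, kept server-side
    pseudonym = keyed_pseudonym(SAMPLE_MAC, key)
    print("keyed pseudonym recovered:", recover_mac_by_enumeration(pseudonym, candidate_macs("00:1a:2b", 256)))
```

Of the two opaque options, the random identifier is the stronger privacy choice because nothing about it depends on the hardware; the keyed pseudonym is the fallback when a service genuinely needs device recognition, and the key must then be protected and rotated like any other secret. In both cases, the hardware address itself should never leave the device.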