You enter your office excited about starting the day and, like many employees, you swipe an identification card near the strike plate near your office suite in order to identify who you are. The security credentials about you are entered into the firm’s database of authorized building users. Those credentials let you enter the suite. Because you arrive early in the morning before anyone else is working, the lights automatically come on because your firm chose Smart Grid technology. That technology automatically turn the lights on and off as soon as it recognizes you as a unique user of the system for that part of the building.
You walk through the building and your movement activates the motion detector for several security cameras. Each security camera records your location, time of entry, and other information into the security media device capturing your movement. Those devices are refreshed every 48 hours, the time frame set by your building manager.
You go to your desk and put down your things. Before you begin the day, you check your smart phone or another device supplied with geolocation technology to look on a map for an address, and it tracks your present location for use with your automobile later. You turn on your desktop computer or dock your computer into your docking station so that you can begin working. You then log into several of the firm’s systems by entering two sets of passwords each of which is set to a unique profile about you that either you or a system administrator created for you.
You’ve just verified at least five personal information identifiers unique to you in five unconnected databases. In most instances those disparate pieces of information about you would not be of interest to anyone in particular, but what if they were? What if the information that verified your identity and credentials when you swiped your ID not only turned on your computer and logged you into your most used databases, but also had a great cup of coffee flavored the way you like it waiting in the staff lounge. Could all of these passwords and interactions be connected? Could someone put all the pieces together to discover who you are, what your health habits are, and when you are about to graduate from law school? Welcome to the Internet of Things (IoT).
The IoT refers to “things” such as devices, smart chips, smart phones, or exercise bands which contain electronics, software, sensors or other types of connectivity tools intended to relay personal information that they’ve collected about you to those other connected devices. Simply put, IoT is the concept, and perhaps the ideal situation, of being able to connect any device that has an on and off switch to other devices with similar connectivity capabilities or to the Internet. But, in any law firm setting, are the potential privacy violations involved in creating this much connectivity and providing this much information about yourself a good idea?
The digital stores of information already collected about each of us grows with every digital interaction; starting from the creation of a birth record. More and more information, much of it meaningless, is collected and stored about each of us in a variety of databases. In the IoT world of more and more connectivity, some of that information that you might want to keep private, and will have no ability to delete, will be out on the web somewhere. If, when you signed that boilerplate agreement to gain access to a website you didn’t notice that the vendor also committed you to sharing that information with information brokers who could combine and share it, that is the point at which privacy intrusions could take place. Data brokers are likely to find your information, compile a profile about you, and share it with others who want to sell you something or find out more about you. You might find that you’ve given away a piece of information about yourself in order to get a free product only to discover later that you gave away something more important; your right to privacy.
If you are unaware of how privacy intrusions could affect you or your family in all aspects of your life, I encourage you read several books on the topic. Daniel Solove’s The Digital Person: Technology and Privacy in the Information Age (New York: New York University Press, 2004) is a good, quick read, and Professor Solove provides great information that was true a decade ago. Throughout his legal career he’s used that information to predict some of the data collection problems that would arise today. Another good overview of the area is presented in Charlene Brownlee and Blaze D. Waleski’s, Privacy Law (New York: Law Journal Press, 2012). It’s chock full of information about data collection and more. A final book that is definitely worth reading in order to discover how the law could evolve to cover some of the privacy violations that occur each time we read a digital book are set out in Neil Richards, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age (New York, NY: Oxford U. Press, 2015). Happy reading!