The IoT Challenge for Local Governments as Data Stewards
By Derek Werthmuller, CTG Director of Technology Innovation & Web Services
The ‘Internet of Things,’ (IoT) is all around us, every day and everywhere. The boardroom, courtroom, classroom, and coffee shop; wherever you go, people are sporting a smart watch they use as a phone, tracking their activity level with a bracelet, or even using a prescription bottle cap that reminds them when it’s time to their medication. The uses across industries and sectors are seemingly endless and increasingly, local governments are taking notice and beginning to explore how they too might benefit.
The big question local governments need to be asking themselves, is “are we prepared to steward the public’s data in the context of IoT?” While there are some exceptions, we suspect that in many cases, the answer to that question is “no.” Technology has evolved faster than the organizations trying to use them, and public policies lag farther still behind organizational change. IoTs represent a new type of technology that, except in a few cases such as in New York City, is quickly outpacing the range of government structures and policies being used to manage IT investments as well as data collected. All governments considering the IoT, in particular local governments who are already struggling with data stewardship responsibilities, should carefully consider the following three issues.
IoT Technologies Blur Data Ownership
IoT data ownership is conflated by the mix of vendors needed to deploy and support an IoT network. Several models exist to finance, maintain and support an IoT network, and IoT devices can be purchased or paid for as a service. It’s in this type of “IoT as a service model,” that data ownership can become less clear, similar to how data in cloud computing services raises concern of data ownership and appropriate access. Different components or sections of the IoT network may be operated by different partners, each with their own interests. When IoT devices, communication networks, analytical tools, and storage systems are run as a service, the ‘Terms of Service’ agreements with the IoT system vendors may claim that they have both data ownership and use. And, when data from multiple sources and devices are combined and aggregated, it results in new types of data being created, making it difficult to identify the original source of specific data sets. Therefore, effective data stewardship by local governments relies on the government’s ability to address data ownership from the perspectives of all the stakeholders involved. Once ownership is established and agreements struck about how to manage changes to the existing stakeholder mix, then effective stewardship practices can be put in place.
IoT Data is Vulnerable
Once data created from an IoT is transferred to central storage locations (usually either the cloud, city data center or office systems), it can become an additional hacking target that needs to be maintained and secured. For example, in 2015 several cities discovered that quite literally anyone could access the license plate recognition cameras and therefore could also access the data; data that was already in use by the police departments in those cities.
IoT Challenges Current Assumptions about Privacy and Access
Some Getting Started Advice for Local Governments Exploring IoT-Based Applications
As local governments begin to consider deploying cyber-physical systems whether in the form of new sensor networks on light poles and cameras on parking spaces or others, they must invest in new understanding of the accompanying policy and management infrastructure required to ensure that they continue to meet their obligations as stewards of the public’s data. Put simply, local governments need to think holistically and in terms of capability when considering the IoT. To do so, local government officials should ask themselves the following five questions:
1. Do I, as a local government official, understand my responsibilities as a steward of the public’s data?
2. Do I, as a local government official know the capabilities of my team with respect to data stewardship?
3. Am I, as a local government official, fully aware of the implications of the purchase and use of IoT-based applications in terms of my role as a public data steward?
4. Is the the policy, management and technology infrastructure in my local government robust enough to be responsive to the changing conditions under which data is collected, effectively manage that data, secure access to it and permit appropriate access and use?
5. Does my local government have an action plan for ensuring that data is secure and where appropriate, privacy protected, while also ensuring the level of access and use that policy allows?
6. Does my local government have the resources to fill any related capability gaps?