According to Get Cyber Safe, the Internet of Things (IoT) refers to physical devices (also called “smart” or “connected” devices) that connect to each other via the Internet. They collect and exchange information with one another and with us to make routine tasks and processes more efficient and convenient. This includes devices such as smart phones, smart watches and smart thermostats.
On this page
- IoT checklist for consumers
- Other privacy and security factors to consider for IoT devices
- Other resources for consumers about IoT devices
IoT checklist for consumers
IoT devices may collect data that is beyond what users would expect based on the devices' functions. Some information stored on these devices may even put users at risk in the event of a security breach.
Make sure the IoT devices in your home environment meet your privacy and security expectations, as well as any expectations you may have about how long your device is expected to last or whether it will work offline.
Don't know where to start? It helps to know what questions to ask. This checklist can help you take stock of the IoT devices you may already own, use or will purchase in the future. You can ask these questions directly to the manufacturer, or do your own research online.
1. Ask how the device is collecting, using, and sharing your data
- Is the device collecting my data? How is the device collecting my data?
- Does it make sense for my data to be collected, used and/or shared in light of the services being offered?
- Is the device using my data? How is the device using my data?
- Is the device sharing my data? How is the device sharing my data?
- With whom is the device sharing my data?
- Is the device collecting data I do not want shared, such as my location?
- Is there an option for me to opt out of the device collecting, sharing or using my data?
- Will I be able to opt out of additional or future features that collect data, without opting out of security updates?
2. Ask about the device's lifecycle, if it can function offline, and if there is product support available
- How long can I expect the device to work?
- How long are security patches and upgrades expected to be available for this product?
- What kind of support is available should I experience problems with the device or suspect the device has been compromised?
- Will the device work without an Internet connection? Can I use the product if the Internet is down? What features work offline?
- Will the device work if the manufacturer ceases to exist?
3. Ask if the device you are buying is from a reputable manufacturer
- Does the company have a good track record when it comes to protecting its customers' privacy and security?
- Check for media coverage online about whether or not this company has experienced a security breach in the past. If so, what was the impact on its consumers? What measures did the company take to prevent future security breaches?
- Are there independent user reviews of the product I can consult?
For more tips on how to approach a business or manufacturer about your privacy and security concerns, check out the Office of the Privacy Commissioner’s tip sheet.
Other privacy and security factors to consider for IoT devices
Don't leave it to chance: take steps to protect your privacy and security
Safely setup your network and make sure your device is receiving regular security updates. Additionally, deactivate automatic information sharing (e.g., location sharing) whenever possible.
Consider the privacy and security of others
Consider the privacy and security of those around you. When guests are in the proximity of your smart home devices with recording features, consider notifying them or turning the devices off.
Securing your device and network
When setting up your IoT devices, make sure to create unique and strong passwords that are not used across multiple devices or services. Provide only the minimum information necessary when setting up your device, including a pseudonym for your real name and try to avoid sharing your real birth date.
Trading in or disposing of your old device
When you're ready to trade your IoT device in for a newer model, your privacy and security should be your top priority. Check the user manual (or the manufacturer's website) for instructions on how to remove data from your device and revert to factory-default settings.
Do not throw away your device. Check out our resource on e-waste for help with responsibly disposing of your old devices.
Other resources for consumers about IoT devices
Consult the Office of the Privacy Commissioner of Canada for additional information about privacy and the Internet of Things, such as reading privacy policies and taking control of personal information.
You may also want to consult The Internet Society's Consumer Tip Sheet.