IoT Checklist: Minimizing Privacy and Security Risks


  • Identify information that your device collects, where it comes from, what it is used for, with whom it is shared and for what purposes.
  • Conduct a privacy impact assessment to identify privacy risks and consider ways that the risks can be addressed or managed.
  • Familiarize yourself with data protection laws in place where the device will be offered.
  • Consider whether any other laws could apply to the device or the persons or industries that will be using the device.
  • Understand the device’s technical limitations that may impact security.
  • Understand the existing threat environment.


  • Limit collection and retention of information to what is reasonable and necessary to operate the device.
  • Describe personal information handling practices in a simple and clear manner and obtain consent.
  • Ensure that any collection, use or disclosure of personal information for “secondary” purposes (such as marketing or targeting) is optional.
  • Implement appropriate security controls, keeping in mind the nature of the device and the information collected, how information is stored and identified threats.
  • Engage experts in de-identification of personal information to ensure it is done effectively.


  • Regularly review existing security measures and update them in light of changes to the threat environment or industry standards.
  • Review privacy policies and consent language regularly and any time a change is made to the device or applicable data protection laws.

Privacy and data security are key concerns in the Internet of Things (IoT). The following checklist can help you create a safer and more welcoming IoT environment.

