There’s an unwritten rule that if you blog about manufacturing, you must blog about the Internet of Things.  I blog about manufacturing, so here we are.

Here’s the thing: I think IoT is very cool and very exciting for the manufacturing community at large.  But for the most part, it doesn’t raise legal issues that are particularly novel.  I’ve read all the same articles you have about protecting intellectual property and this and that, but that’s already a concern for manufacturers, and the framework for dealing with it is already there and we deal with it every day.  So I stayed away from the Obligatory Post on the Internet of Things.

But as I was looking at this story about how Adobe may have collected personal data about its users and transmitted it in plaintext so it could be intercepted easily by others, an aspect of IoT that I haven’t seen explored in legal discussions struck me.

Manufacturers will soon have to worry about customer data privacy.

Not protecting IP.  Not protecting customer lists.  But watching what data they actually collect and what is done with that data.

This will be a new world for manufacturers.  Even technology companies can make simple mistakes of inadvertently collecting customer data that they aren’t supposed to collect, or inadvertently transmitting that data in unencrypted form.  And those problems expose the companies to legal trouble, not to mention that they’re a public relations nightmare.  Remember when it was revealed that Sony didn’t encrypt its users’ personal information?

So let’s say you manufacture a refrigerator that can detect when you’re low on groceries, and allows you to order more, like this one.  Now let’s say that, as part of that, it needs to know your name, address, and credit card number (not to mention your yogurt preferences).  You can see the problem that a data breach would pose.

Data breaches are governed by a patchwork of laws, as I’ve written before in the context of customer notification obligations, and civil liability remains an open question.  This may well prove to be a source of spectacular legal exposure.  So get in front of it.  Get counsel in the room with the business leaders and programming group to see what can be done to prevent possible breaches, and how the costs of preventive measures compare to anticipated costs of a breach.  I submit to you that the time for this meeting is at the beginning of the product development process, not as an afterthought as the product is getting ready to go to market.

So, I’m on board: IoT is interesting from a legal perspective.  I’ll get around to my obligatory post on 3-D printing soon enough.