Building a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Building a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Ninth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Priya Keshav is the founder and CEO of Meru Data LLC, a software company focused on building solutions that simplify and achieve corporate information governance goals. Prior to Meru, she was the leader of KPMG’s Forensic Technology Services Practice in the Southwest United States. She received her MBA from University of Florida’s Warrington College of Business Administration. I had the chance to sit down with her this January and discuss IG, the Internet of Things, consulting, and software development.

Priya, you’ve written extensively, often in collaboration with thought leaders in IG including Jason Baron, about the enormous ethical questions emerging from IoT. Do you think there is yet a universal, cross-industry awareness of these challenges or are business drivers in this area primarily the result of European or US regulatory pressures?

I think there is universal recognition that the use of IoT will bring unique challenges and ethical questions. However, I would not call this universal awareness or understanding at this point. The use of IoT is rapidly increasing, the solutions being developed are integrating multiple industries and we are just scratching the surface of what is possible with IoT. I think today, we are at a point where we recognize that some unique challenges are going to arise. I do not believe we have fully understood the nature of these challenges, especially as the uses and applications for IoT are rapidly evolving.

Both industry and regulators are at the same point – thinking about appropriate frameworks for discussing and addressing these challenges. I don’t believe regulatory pressures from either Europe or the US are the primary drivers for the growing awareness. It does seem regulators have more of a focus on the challenges while the industry focus is more around creating newer solutions. There are multiple efforts underway to understand challenges with IoT, driven by both industry and regulatory interest. However, I do not think this is primarily due to regulatory pressure. There is regulatory interest that has industry taking notice but even the industry is realizing the need to manage the unique challenges from the use of IoT. Existing regulations like the GDPR, COPA etc. obviously would apply to IoT. There is increased scrutiny and regulations around data privacy and security in general and that might look like there is increased regulation around IoT. However, there are very few IoT specific regulations like the California SB327.

Regulatory efforts around IoT to date have been more guidelines focused and have tried to not slow down the uptake of IoT. Examples include the recently issued NIST draft report on IoT cyber security standards that provides a great discussion of how risks from IoT are unique and how organizations could adapt their policies to handle this. There have also been integrated efforts with working groups to review existing IoT security standards and initiatives in the US (by the National Telecommunication and Information Administration) and in Europe (Working Group 3 formed by Alliance for Internet of Things Innovation). Other agencies like the the Consumer Products Safety Commission and the FTC have also been gathering comments on their roles in regulating IoT.

With the Meru Data platform, you’ve strived to develop a functional and reporting tool that simplifies and sustains data governance programs for your customers. Is most software today built around policy frameworks, such as FINRA compliance or privacy-by-design, and are these types of approaches even feasible amidst shifting customer wants and seemingly prescriptive laws like GDPR?

Keep Reading

Advertisements

The Olympics of Privacy in Brussels!

Debating Ethics: Dignity and Respect in Data Driven Life, the 40th Annual Conference of Data Protection and Privacy Commissioners

Two Americans walk into a EU Privacy Conference…

Just a few weeks ago, a colleague reached out and reminded me “the Olympics of Privacy” were being held at the EU Parliament in Brussels in late October, and also if I’d like to attend. Well, how the heck am I supposed to turn down an invitation like that? After all, this is the year of GDPR, the NYDFS, the new California Privacy legislation and the ICDPPC has leaders like Mark ZuckerbergSundar Pichai, Tim-Berners Lee, Jagdish Singh Khehar and even the King of Spain all lining up to share their thoughts.

We want to stimulate an honest and informed discussion about what digital technology has done and is doing to do to us as individuals and as societies, and to consider future scenarios. We want to better understand the impact of technology on people of all generations, in all parts of the world, including the way people think, interact with others, develop their opinions, create art and write, how they buy and sell and how they participate in civic life.  – Privacy Conference Statement

Mark and Sundar are likely showing up because they realize the stiff penalties now associated with data security and privacy violations and the rest of the speakers realize that we are on the cusp of a digital and ethical revolution of sorts, one which will affect generations to come. In fact, Debating Ethics: Dignity and Respect in Data Driven Life is probably the most important privacy conference of the 21st century. My wife Abby Moscatel, an attorney and ethicist heard about this lineup and quickly said, yeah… I’m coming with you to this one!

Keep Reading