**4. Proposed framework**

As mentioned in the earlier section, the existing frameworks are relevant primarily to thing manufacturers and do not involve the end consumers of things. Through this chapter, we seek to provide answers to the questions listed in **Table 5** by leveraging a four-phased, data governance-driven 4I framework (Identify, Insulate, Inspect and Improve). The Identify phase of the 4I framework (**Figure 4**) comprises seven key dimensions: risk, compliance, policy, process, people, data asset and technology (**Table 6**).


*Privacy of IoT-Enabled Smart Home Systems DOI: http://dx.doi.org/10.5772/intechopen.84338*

The Identify stage or phase refers to the key risks, requirements and context. The Insulate stage refers to the precautionary measures taken to prevent lapses using technologies and non-technical risk remediation techniques. The Inspect stage contains the essential toolkits, such as maturity models, audit mechanisms and software agents, required to continuously monitor, report and assess the IoT Data Governance Maturity from risk and value perspectives. The final stage focuses on continuous improvement.

| Dimension | Description |
| --- | --- |
| Risk | The risk dimension comprises the factors that influence both the IoT end user and the thing manufacturer. It includes attributes such as lack of consent, data breach, legal penalties, service level agreement violation, and lack of upgradability, interoperability and security [20, 41, 48, 49]. |
| Compliance | Includes legal requirements (e.g., user consent), controls and baselines to be operationally compliant. There are a number of regulations such as SOX, GDPR, SPAM Act, Australian APP Privacy law, HIPAA and COPPA which are relevant for IoT [50]. |
| Policy, standards and principles | This dimension spans the lifecycle from inception to deletion of data, including items such as data sharing, acceptable use of data, data classification and storing rules. Well-defined and enforced governance provides a structure that works for the benefit of everyone concerned by ensuring that the IoT stakeholders adhere to accepted ethical standards [44, 51]. |
| Data asset | Describes the benefit of the data and the salient features of the data [52, 53]. |
| Process | Defines how various interfaces and functionalities are to deliver a functioning and solution [54]. |
| People | The different stakeholders and their accountability in the IoT ecosystem, such as the consumer, ombudsman, policy maker, IoT thing manufacturer, IoT cloud provider, Internet service provider and the IoT service operators. The people dimension also includes leadership and organization structures [55, 56]. |
| Technology | This dimension includes hardware infrastructure, platforms and software agents that notify of potential compliance violations through monitoring and workflows [34, 53]. |

**Table 6.** *Key dimensions of the Identify phase of the 4I framework.*

**4.1 The 4I framework applied to privacy context**

To illustrate how the proposed 4I framework will work in an IoT-enabled home, a use case involving a smart refrigerator is discussed in this section. Currently, when consumers buy an IoT device directly from vendors or service providers, they may have very little understanding of the privacy policy (PP) and terms and conditions (T&C) they agree to before they start using the product, service or application. However, there are several risks associated with the data collected to render the services. For example, the smart refrigerator can track our food preferences, and search for and order food from online stores [31]. Various traits of the fridge owners' eating behaviors can be inferred from the search queries. If these data are sent to a third-party business, it can use the information for undesirable targeted advertisements. This can lead to a potential breach of privacy, violating regulatory laws, if explicit consent was not obtained from the consumer (**Figure 5**).

The **Identify** phase of the 4I framework discerns the potential risks associated with the consumer's data shared among the data processors in the data supply chain. For example, it reviews laws such as GDPR to understand the data protection rights of a smart home user [57] and ascertains the risk related to privacy and security breaches. Policies related to data retention, service level agreements with vendors and data management are implemented in the **Insulation** phase of the framework. For instance, an agent called checkmyprivacyrules (CPMRs) can be installed on the user's home router to ensure that the privacy policy and laws like GDPR are not violated based on a search query (**Figure 6**).
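The kind of rule check a router-side agent such as the one described above could apply to the smart-refrigerator use case, as an added example that is not code from the chapter or from any actual agent. The `Flow` and `Policy` schemas, the two rules, the domain names and the country codes are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One outbound transfer seen at the router (hypothetical schema)."""
    device: str
    category: str   # kind of data, e.g. "search_query"
    recipient: str
    role: str       # "service_provider" or "third_party"
    country: str    # where the recipient processes the data
    purpose: str

@dataclass(frozen=True)
class Policy:
    """What the householder has agreed to (hypothetical schema)."""
    allowed_countries: frozenset
    consents: frozenset  # (category, recipient, purpose) tuples

def evaluate(flow, policy):
    """Return ("allow" or "block", reasons) for a single flow."""
    reasons = []
    grant = (flow.category, flow.recipient, flow.purpose)
    # Consent is tied to recipient and purpose: agreeing to food orders
    # does not cover handing the same queries to an advertiser.
    if flow.role == "third_party" and grant not in policy.consents:
        reasons.append("third-party sharing without explicit consent")
    if flow.country not in policy.allowed_countries:
        reasons.append("transfer outside permitted countries")
    return ("block" if reasons else "allow"), reasons

def audit(flows, policy):
    """Inspect-phase report: each blocked flow with its reasons."""
    report = []
    for flow in flows:
        decision, reasons = evaluate(flow, policy)
        if decision == "block":
            report.append((flow.device, flow.recipient, reasons))
    return report

# Constructed sample data for the smart-refrigerator use case.
POLICY = Policy(
    allowed_countries=frozenset({"AU"}),
    consents=frozenset({("search_query", "grocer.example", "order_fulfilment")}),
)
FLOWS = [
    Flow("smart-fridge", "search_query", "vendor.example", "service_provider", "AU", "search"),
    Flow("smart-fridge", "search_query", "grocer.example", "third_party", "AU", "order_fulfilment"),
    Flow("smart-fridge", "search_query", "adnetwork.example", "third_party", "US", "advertising"),
]
```
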

*Internet of Things (IoT) for Automated and Smart Applications*

an IoT privacy tool or framework, which can address the concerns of the consumer [31, 40–45] compiled in **Table 5**.

| Consumer questions | Risk factors |
| --- | --- |
| Who has access to the data? Will third parties have access to the data? What information can be inferred from the data? | Unacceptable usage of data without consent such as spamming |
| Will my data be shared outside my country? | Data sovereignty constraints |
| How will I be informed in case my data are compromised? | Data detection and notification of breach |
| Can my location be tracked from data? | Unveiling of physical address |
| Are there any known breaches or vulnerabilities about this device? | Outdated firmware |
| What happens when I stop using the product or service? | De-authorization |
| What can I do if my PII is compromised? | Password renewal |
| How can I rectify my data? | Outdated information |
| Can I get a copy of my data or access my data? | Portability |
| Can I ask you to remove my digital footprint captured by the IoT service? | Unaligned data erasure |

**Table 5.** *Key questions in IoT for consumers.*


**Figure 4.** *The 4I framework.*

