Federal Trade Commission chairwoman Edith Ramirez addressed the issue during a speech at the Consumer Electronics Show on Tuesday.
"Connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks," she said, noting that the integration of these devices into homes, cars, and even users' own bodies will give companies greater insight into the most private parts of peoples' lives.
It's unlikely this trend is going to slow down anytime soon. Much of the online innovations relied on by consumers were built upon data-for-services deals: Rather than paying for e-mail, millions have free inboxes in exchange for companies digitally skimming through their messages to better target them with advertisements.
This has some pretty obvious and inherent risks for consumers: They are turning over an unprecedented amount of information about their behaviors and beliefs every time they click through the terms and conditions of a new service, often times without fully understanding what exactly they are giving up and how it might be used.
Companies like Facebook and Google have managed to turn that data into profits via targeted advertising. For other new tech companies, exactly how they might use data may not yet be clear -- but many decide to hoard data under the assumption that it may be useful to them some day down the line, even if they haven't figured out how yet.
Ramirez thinks that strategy is risky.
"We often hear the argument that to realize the benefits of big data, businesses should not face limits on the collection and retention of data because the value lies in its unanticipated uses," she told the crowd at CES. "But I question the notion that we must put sensitive consumer data at risk on the off-chance a company might someday discover a valuable use for the information."
While there may be some hidden value in the vast amounts of data being stored by companies, such troves can also become massive liabilities -- either by being compromised by outside sources or being misused by the company's own employees.
No recent example drives this point home more than the Thanksgiving week cyberattack on Sony Pictures Entertainment, when huge amounts of internal documents reportedly revealing everything from salaries and performance evaluations to the e-mail inboxes of executives were released online -- effectively weaponizing the company's own data against it.
Essentially, by amassing huge amounts of digital data, companies are also becoming responsible for safeguarding that data. But it's much more complex to secure systems that likely maintain connections to the outside Internet than it is to lock down a dusty physical file cabinet. And failing to do so can be pricey: Sony Pictures is now facing multiple lawsuits from former employees who say the company was negligent in protecting personal data about them.
But there are less obvious ways for company's data collection and management to be a weakness. Ride-on-demand service Uber found itself in a whirlwind of bad media attention in November after comments made by an executive about digging up dirt on an adversarial journalist drew attention to how it safeguards rider data. By the time things settled down, the company had taken unspecified "disciplinary actions" against one manager for tracking a Buzzfeed reporter without her knowledge or consent using the company's ominously titled internal interface, "Godview."
But the public unease with Uber's data management hasn't stopped other companies from engaging in similar data hording. Competitor Lyft, for instance, keeps rider data indefinitely -- even if a user deletes their account -- according to their terms of service. In a recent letter to Sen. Al Franken (D-Minn.) the company defended the stance, saying there were many reasons to keep the data around including law enforcement requests and fraud prevention.
The risks associated with harvesting and securing massive amounts of data will likely only be increased by the ever-burgeoning "Internet of things," with companies no doubt hoping to monetize data about consumers passively collected by devices that will make up that web.
But Ramirez hopes companies looking to expand into the market consider the bigger, privacy-oriented picture -- and in some cases, opt to collect less. "Data that has not been collected or that has already been destroyed cannot fall into the wrong hands," she said.