
Can Fitness Trackers Pose a Privacy Risk?

april 30, 2021 | internet privacy

What would Dick Tracy think of the devices we wear on our wrists today? Perhaps his circa 1940s two-way wrist radio inspired today's smartwatches, but this vintage comic book hero never gave privacy concerns a thought. Today, that's a valid – even vital – concern. There is data that can leak out of some fitness trackers. 

 

You can choose between a slew of devices that strap on your wrist and track your health, but is your data secure? They monitor sleep patterns, heart rates, menstrual cycles, and locations. There are even those that will take an ECG out in the wilderness to measure heart activity. A whole lot of personal data lives inside those tiny trackers. 

 

Progress Made

 

The landscape has changed significantly since 2009, when the first devices hit the market. Back then, privacy was an afterthought and the majority of available devices had no privacy policy. None.

 

Changes started by 2014 when Congress got involved. Leading manufacturers agreed not to sell or share user data unless required by law or when customers opt in to sharing. But not all fitness tracker makers were on board.

 

What Could Possibly Go Wrong?

 

The Health Insurance Portability and Accountability Act or HIPAA protects the privacy of protected health information (PHI). The U.S. Department of Health and Human Services stated recently that HIPAA does not cover most health monitoring tools.

 

Translated, this means there’s little protection for PHI on fitness trackers except what the manufacturer's privacy policy spells out. If you entered data on drug use, for example, it could be sold if you select the wrong health device maker.

 

Privacy Shopping 

 

Since these devices stash data on locations, steps, GPS, and other personal info, you need to understand your device's privacy framework.

 

You may not be able to read the privacy policy in a store. Do some homework online before you buy.

 

How Much Privacy Is Enough?

 

Privacy documents can be daunting but are worth the read. You can search for words like "share," "aggregate" or "sell" to cut directly to the core details.

 

Keeping up with the rules is a constant process, not a one-time effort. Remember, privacy terms are fluid: buried in the privacy text, there is generally a clause indicating that your data gets wrapped into any future acquisition, so you'll need to check again if the maker is sold.

 

Shield Yourself

 

Once you select a device, take steps to add optional protections or reduce the risks of exposing your PHI.

 

  • Decide the degree of risk you're willing to accept. As noted above, apps sometimes disregard best practices, so anticipate mistakes.

  • Pay attention to how the tracker connects to your other devices. Bluetooth is the preferred method since, unlike Wi-Fi, it only connects when a transfer of data is needed.

  • Keep the app up to date. Updates often include privacy or security enhancements as well as bug fixes.

  • Explore the settings to determine how much data you can lock down. Check the default settings, which all too frequently make everything public, and change them to better secure your data.

Alert the FTC if you discover privacy holes in your new purchases. Complaints can be filed at FTC.gov. 

IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.

 
