Editor’s Note: This discussion continues from last month’s Part 1.
As businesses, we all have our trusted partners. They became our trusted partners because they earned it through various actions to prevent issues, or by their responses when issues arose. Some of those partners, though, are facing a new business landscape when it comes to facilitating an AV-over-IP-driven network communications system, and they might not be prepared to answer the required questions if, and when, issues arise.
As a hypothetical, let’s say that you, as a consultant or contractor, specify or provide a client with a room-scheduling solution that ties into your client’s email server to streamline how employees book meeting rooms. Now, let’s say that, in order to provide an optimum service experience, you also tie that room-scheduling service into the building management system; moreover, you provide room-scheduling panels that use Bluetooth or near-field communication (NFC) technology to know when a user is in the room, so the room will correctly activate the meeting based on arrival.
That sounds like a fantastic way to use the technology for our clients, and it’s a pretty common system example in many Fortune 500 companies. That system, though, is not without its security risks and vulnerabilities. If the manufacturer of the room-scheduling service is tying into the email server to pull calendar information to book rooms, how much access has it provided itself in terms of the data it’s able to pull and monitor when a room is booked? Does it just know the person booking the meeting, or can it see all the attendees who were invited to the meeting? What does the end-user license agreement (EULA) state with regard to how much information it has access to? What does the EULA say about sharing that information with third-party developers to analyze the system performance to improve the product?
Just because you have signed an agreement with one company doesn’t mean that’s the only company that’s going to have access to that information. As was reported earlier this year, there was a class-action lawsuit filed against a company in our industry because of the information it was gathering by monitoring how people were using their product and its accompanying app. The lawsuit alleged that the company was gaining access to personal information about its consumers because it was monitoring what media they were watching or listening to on their mobile devices. That meant, in one example cited, that the company could know the consumers were exploring their sexuality, based on the podcasts they were listening to on their phones; the lawsuit alleged that was a violation of the users’ privacy. The lawsuit also cited the fact that the company had the potential to sell that information to advertisers and target individuals based on deeply personal and private information, simply because they had purchased the…