•  
  •  
 

Abstract

A house is equipped with a smart clothes washer, an intelligent HVAC system and a video enabled home security system, all running through the home network - it reduces the noise by doing laundry when no one is at home, saves energy costs by automatically changing the temperature depending who is in a room, lets the owner remotely see the kids walk in the door after school, and keeps the house safe - the owner is maximizing the use of the Internet of Things (“IoT”) devices (i.e. a network of everyday objects connected to the Internet and to each other). However, the home owner has also created at least four points for data vulnerabilities, giving a hacker four opportunities to enter the home. A single hack can allow a wrongdoer to determine when no one is home and access an empty house, spy on the children and collect PIN numbers and any sensitive data recorded by any or all of the IoT service providers, like credit card numbers. When such a data breach happens, what legal protections does a consumer have? What regulatory infrastructure is in place to prevent this type of intrusion, what data is considered protectable personal identifying information (PII), what obligations do the manufacturers have to prevent hacks, and what remedies are available to those whose privacy has been corrupted? This paper attempts to address the growing infiltration of the IoT into everyday life and to answer some of these questions by looking at the current US legal framework addressing privacy.