Responsible security

Manufacturers and/or vendors must be responsible for the security and privacy design in the products they manufacture and sell, throughout a clearly identified period.

What we would like to see

Data minimisation will be implemented across all devices and platforms by design. Less data generation and processing means that less data that can be misused or breached. 

Industry will have to clearly articulate the length of time for which they will commit to security updates for a given service or product. It is essentially statement of expiration of the security viability of that connected service. 

Listening and always on devices that are under the control of the service provider will be patched so long as it is processing for that provider. 

Essential reform actions

Companies will have to notify individuals of the life-span of technologies and the period for which they will maintain security updates.

Consumer protection policy should reflect the security responsibilities of manufacturers and/or vendors.