compliancesecurity

Does your Alexa turn into Chucky when brought to work?

ByOctober 30, 2019
Here’s a spooky breakdown as to why you might want to leave her home

A lot of us love welcoming our personal home assistants like Alexa and Google into our homes. They’re great at giving us weather reports or checking on the status of our orders. But what happens when your fellow employees bring them to work?

For IT pros, employees taking an actual personal assistant device like Alexa to the office can set off alarms when seeking permission to join the company network. But now with Amazon’s move into wearable devices such as earbuds, eyeglasses, and rings that are Alexa-enabled, it may be much easier for employees to sneak in the devices at work.

Our team of certified IT compliance experts here at iland want you to know that these fun little devices are far from harmless when brought to work. They have the potential to go from cute to frightening in almost no time. It’s best to be aware of the potential risks of allowing these devices into your workplace, and their potential data privacy risks.

If you’re managing IT and you’re in charge of your company’s IT compliance, here’s something that could keep you up at night. As we all know, Alexa is always listening. And while you can adjust your Amazon’s privacy settings to delete your own voice recordings, Amazon still has the ability to retain transcripts of your data forever.

Amazon is quick to defend Alexa and her penchant for eavesdropping on conversations, stressing that you have the ability to change privacy settings. However, Amazon is currently defending Alexa’s data privacy and data retention policies against 20 consumer advocacy groups that have lodged a complaint with the Federal Trade Commission in regards to Alexa’s potential infringements of the Children’s Online Privacy Protection Act (COPPA). This movement may be the first of many legal proceedings against Alexa and her alarming policies.

This complaint was lodged after Amazon responded to a U.S. Senator’s concerns and Amazon admitted publicly that while individuals can delete voice recordings, Alexa’s text logs of transcribed audio can travel to the company’s cloud servers with no means to delete them. The data is recorded, transcribed, and cannot be deleted.

Still think it’s cool to bring Alexa to work? Then think about this too.

According to the EU’s GDPR, Article 7, individuals must consent to the kind of data processing that smart speakers like Alexa and Google Home use when actively listening to surrounding conversations for the words – “Hey Google,” or “Alexa.”

To process personal data, Amazon and Google must obtain opt-in consent from users. And while one employee might personally opt-in when they purchase their Alexa, their co-workers haven’t. And neither have your customers.

Remember, if Alexa is ever-present and always listening, where is that data going? And how will it be stored, managed, and potentially accessed by others?

In light of Amazon’s view on data privacy and the organization’s new release of wearable devices, such as earbuds and rings, we all need to be mindful of when and where we welcome smart speakers and smart devices into our lives – whether at work or in our home offices. If you’re prioritizing compliance and trying to avoid potential data security risks, it may be safer to tell employees to leave Alexa devices at home.
Milou Lammers

Milou Lammers

Milou Lammers is a Compliance Specialist at iland Cloud in Houston, Texas. She holds a Juris Doctor from the University of Richmond School of Law and a Bachelor of Arts from Middlebury College. She has prior work experience in legal and compliance advisory services related to data privacy, IT services, tax, financial risk, international corruption, general corporate compliance & ethics matters for companies in the U.S. and E.U.