The University of Edinburgh IoT Research and Innovation Service takes privacy and security extremely seriously.
Connected devices have the potential to collect personally identifiable information and are, by their nature, distributed across a wide range of locations. This means that security is crucial on multiple levels, from the physical security of the sensors and gateways, to the secure transmission of data and the robust security of the resulting aggregated data streams and services.
Security considerations around the whole IoT Initiative are overseen by a Security and Privacy Action Group, which brings together expert researchers on privacy and security including those working on policy, user interfaces, and technical security at all levels.
In addition, a Governance and Ethics Action Group ensures that, in addition to practical matters of security, the Initiative as whole adopts a practice which is ethical and well-aligned with reasonable expectations of citizens, using appropriate consent processes, policies, and carefully managed (re-)use of data. You can read the current document outlining the IoT Ethical Principles (PDF) here.
The IoT infrastructure has been developed with privacy and security in mind from the outset, including containerization and hardening of servers. We have commissioned a comprehensive security audit to further provide assurance to all users of the IoT Research and Innovation Service, and to citizens of the Edinburgh region who may interact with our sensor network.