Undoubtedly, the biggest, boldest and most alluring consumer show on the planet \u2013 the annual Consumer Electronics Show (CES) \u2013 is happening this week in Las Vegas. And even a non-earthling can hazard an educated guess that every category of device \u2013 home, health, transportation, hygiene, fitness, entertainment, sports, etc. \u2013 is going to have a few of the same common attributes.Everything is going to be connected to the Internet, claim to have some form of AI, an app that screams for attention, integration with a smart assistant like Alexa or Google Home, integrations with third-party connected devices and platforms, and claim to make you better, faster, stronger\u2026you get the picture.Here\u2019s one more similarity most of these gadgets will have, and it\u2019s one that should scare us all, consumers and manufacturers alike: a blind eye when it comes to defining and defending consumers\u2019 rights.But to begin with, let\u2019s delve one level deeper into what all these devices are doing:DataThe underlying currency that makes everything at CES tick. Every device is mining for data \u2013 from intrusive ones like pacemakers that know your innermost heartbeat to more subtle offerings, such as fashionable eyewear that searches for every eyebrow twitch and gleam of sweat on the forehead on an unsuspecting observer, making predictions (right or wrong) about their mental equilibrium, social status, financial status, etc.PredictionsThis is where the more advanced vendors have an upper hand. The more data you have, the better your training algorithms and the more accurate your predictions. But better predictions beg for more data \u2013so mining consumers for data becomes a staple diet. And poor predictions can have some pretty unfortunate ramifications, such as Google returning images of African-Americans for searches on words like \u201cgorilla\u201d and \u201cchimp.\u201dActionThis is the manifestation of the prediction. An insulin injection instructed to pump more insulin after detecting a precipitous drop in real-time blood sugar levels, for instance. Or a treadmill that slows down after detecting the runner is dehydrated and might pass out.But it all starts with data. Lots of it. And that data needs to be stored somewhere. And protected. And unnecessary data disposed of before it becomes a liability. And consumers made aware \u2013 in simple and comprehensible language \u2013 as to how this data is being collected. And how they can demand it to be handed over. Or destroyed.That should be making headlines at CES. It is not. And that needs to change, starting with the manufacturers (although consumer education needs to happen, too).How?The CISO and her team need to start exercising more muscle when it comes to product decisions. Imagine if the CISO\u2019s team at iRobot had exercised judgment and prevented the product team from introducing the feature that allowed the Roomba vacuum to collect detailed home floor maps and send it to the iRobot cloud? (And then share that data with 3rd parties, all unbeknownst to the customer!)Create a data collection timer that expires after a default time and can only be renewed with the expressly stated purpose. Easier said than done? Not really.The technology to timestamp data collection is already there. Ditto for expiration. Is there a scale problem if the device collects petabytes of data every single day? Absolutely. By enforcing data expiration timers, this would enforce a discipline to only collect data that is absolutely needed. Collect only data that is absolutely needed and destroy data that was collected previously that does not serve any need. Data Minimization. Magically, this could also be a service to the consumer \u2013 data portability and destruction. General Data Protection Regulations (GDPR) demands this anyway.And finally, as a CISO or Chief Privacy Officer or Chief Ethics Officer, run a periodic fictional exercise of randomly selecting a few data stores\u2026assuming, of course, you know where your data is stored in the first place, and this doesn\u2019t become an eye-opening exercise.Pretend the data has been hacked and made public. How would you react? This might be hard to do the first go-round. But the best time to do probably isn\u2019t when you\u2019re also responding to a New York Times expose and the threat of shareholder litigation. The goal is to prove to yourself and your peers how prepared as an organization you are (or aren\u2019t) to deal with unsavory cybersecurity issues.Are these three silver bullets \u2013 getting involved with the product decisions, data expiration minimization principles and tabletop exercises \u2013 enough to make you sleep well at night? Well, it\u2019s certainly going to make you sleep better than organizations that aren\u2019t doing it. And hasn\u2019t security always been about the theory of relativity? Making your house more secure than your neighbor\u2019s automatically makes his more vulnerable. Applied to digital assets, this is the cybersecurity theory of relativity.Before #CES2019 winds down, I\u2019m optimistic there\u2019s going to be more talk (and walk) about consumer privacy, enterprise ethics and transparent data collection. While truly thinking and feeling cars and cognitive showerheads may dominate the hallways, I\u2019m hopeful this existential conversation is happening simultaneously amidst the din, lights and revelry.