Legal liability and insurance costs will provide a business case for the right amount of security to be added to IoT data. There are some specific questions that we’d like to explore. Who owns "information"? What right is there to IoT privacy? Is consent really freely given when a big corporate offers the user a "yes/no" decision on 62 pages of T&Cs? Can a small, sacrificial company carry such large liabilities?