Update: Statement from the USAA after the break…

Google Glass continues to receive a lot of press attention, with much of it being in a negative light due to the device’s camera. And this may be the beginning of yet another saga of Glass bannings, as 9to5Google has learned that USAA, provider of home, life, and auto insurance as well as banking for families of military members, has banned Google Glass from being used by its employees.

The policy in question lists a variety of risk factors that wearable technology can instigate in the workplace. Most notably listed are the malicious implications of Google’s wearable head-mounted computer Google Glass, which include its ability to inadvertently record inappropriate audio in the workplace, its ability to capture potentially sensitive images, a risk of the device being a conduit for external malware, the device’s inability to verify its wearer, its potential safety hazards while driving on company property, and the privacy concerns of other employees.

As a recommended course of action due to these threats, the policy recommends that controls include prohibiting devices like Google Glass for all employees when in meetings, prohibiting use of these devices by employees with access to USAA member information when at workstations, and other controls such as restricting their use while driving and even prohibiting devices which could “inhibit an employee’s view” while walking. Yes, you read that right. While walking.

Our source says that the new rules aren’t local to any particular branch, but are rather a new corporate policy. The actual policy hasn’t been officially published, but the employee that provided this information did say that these new rules (as embedded below) are considered “already in force and that the policy is being revised to reflect.” While Google Glass itself isn’t specifically banned in the wording, the device obviously does fall under that broader category of technology. USAA is banning more than just Glass, extending the new policy to all wearable devices that could pose a threat to customers’ privacy and security.

As USAA is a company that provides services involving a wide variety of personal information, it comes at no surprise that the company would be one of the first to ban a device that customers may see a potential invasion of privacy. However, our source says that there are not similar restrictions on cell phones. Personal tablets and laptops are also not on the list of banned items. Having these items out in the open and being used is supposedly not an uncommon occurrence.

We have requested a statement from USAA to confirm that this is indeed a corporate policy, and will update the article when we hear back.

ImplicationWearable technology shares many risk elements with mobile devices and smart-phones. Some specific risks associated with these new technologies are as follows:Smart Watches: Malicious or inadvertent audio recording. o Activation of the on-board or remote (smart-phone) microphone could result in sensitive discussions being recorded. Malicious use of camera. o Remote (smart-phone) camera could be used to capture images or video of sensitive or inappropriate content. Headwear (Google Glass): Malicious or inadvertent audio recording. o The microphone can be activated manually, via spoken commands, by application, or by malware. Malicious or inadvertent image capture. o The on-board camera is constantly aimed at the wearer’s field of view. Activated via manual, spoken, or application commands. o Could capture inappropriate or sensitive images and/or video content. Malware conduit. o The on-board connectivity, web, application access could be a source for malware targeting the device or connected devices (phone, PC). Data Leakage. o The device evaluated (Google Glass) did not provide additional authentication to verify the wearer. o Data contained within or accessed via the device could be exposed without additional verification. Behavioral risk o Headwear like eyeglasses can become second nature, meaning that the wearer may become unaware of the presence. This could create a safety hazard if used while driving or walking in the workplace environment, increasing USAA’s exposure to litigation and workers compensation expenses. o When encountering a user of head worn technology others may become concerned or uncomfortable that they could be recorded. o Habitual use of audio and video recording could lead to inadvertent exposure of sensitive information. Recommended Controls: Information Security o Prohibit head-worn smart devices for all employees when in meetings (except when worn for demonstration / research purposes) o Prohibit head-worn smart devices for member contact employees and employees with access to portal / member data when at workstation. Physical Security o a o Prohibit the use of head worn wearable technology that could inhibit an employee’s view while walking in the workplace environment.

U: USAA provided the following statement:

The security of our member’s information is our top priority. While we don’t have an official policy on wearable devices, we do take the protection of our members’ personal information very seriously and as such, we prohibit unauthorized use of recording devices while conducting USAA business. As an organization that uses technology to make life easier for our members and our employees, we are studying the potential of Google Glass and other wearable devices and how they can help us more effectively serve our members. In fact, we have several pairs of Google Glass in our research labs and we invite interested employees to submit their ideas about how we can use wearables to improve member and employee experiences. As with any new technology, we must test it extensively before introducing it into the workplace.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Google on YouTube for more news: