Identifying personal physiological data risks to the Internet of Everything: the case of facial data breach risks

M. Wang, Y. Qin, et al.

Explore the critical risks associated with facial data breaches in the Internet of Everything environment. This insightful study by Meng Wang, Yalin Qin, Jiaojiao Liu, and Weidong Li identifies key factors contributing to breaches and highlights the urgent need for robust regulations and increased awareness of data management practices.

Introduction
The paper addresses escalating security and privacy risks to personal physiological data within the Internet of Everything (IoE), focusing on facial data due to its ubiquity and sensitivity. Despite widespread deployment of facial recognition across sectors and growing regulatory efforts (e.g., GDPR), breaches persist due to complex IoE ecosystems, abundant data flows, and fragmented risk identification frameworks. The research question is how to systematically identify and structure the risks leading to facial data breaches across the data lifecycle. The purpose is to use a rigorous accident-analysis method to map causes and prioritize controls, thereby informing individuals, enterprises, and regulators. The study’s importance stems from the severe, potentially irreversible harms of physiological data leaks to individuals, organizations, and national security, and the need for comprehensive, lifecycle-aware risk management in the IoE.
Literature Review
The authors survey how IoE expands the generation and application of physiological data across terminals, applications, and cloud infrastructures, including advances such as the Internet of Nano Things enabling pervasive sensing. They review the proliferation of facial and human body recognition, emotion recognition, and biofeedback applications in domains like healthcare, finance, and education, alongside corresponding privacy risks. Prior work identifies numerous breach sources (devices, technologies, third parties, user behavior, malicious actors) and highlights data liquidity as a key risk locus, yet lacks unified, systematic methods to model causal relations among risks. Facial data is distinct due to contactless, wide-scale collectability and variability, leading to higher breach frequency and impact relative to other biometrics. Existing studies typically use empirical case reporting or questionnaires; some separate direct (tech/device) from indirect (insider/system) attacks. Gaps include limited lifecycle-oriented analyses, absence of accident-management methods (e.g., fault-tree) for data breaches, underexploration of physiological data’s multifaceted harms, and insufficient breadth of cases to capture systemic risk.
Methodology
The study employs Fault Tree Analysis (FTA) to systematically identify and structure the risks leading to facial data breaches, framed by a five-stage data lifecycle: collection, storage, transmission, usage, and destruction.
Rationale: FTA is a mature, deductive safety and reliability method suited to complex systems. It models causal chains explicitly through logic gates and allows basic events to be prioritized.
Steps:
(1) Define the top event T as "facial data breach."
(2) Identify secondary events as intermediate events (M) and basic events (X), organized by lifecycle stage and risk factor.
(3) Connect events using AND/OR logic gates to construct the fault tree (T is caused by M-level events; M-level events are caused by X-level events).
(4) Select and analyze cases to populate the tree.
Data: 22 facial data breach cases (2019 onward) were collected from the CNKI newspaper database, China Search, Baidu News, and Google News using keywords related to facial data breaches and recognition. Inclusion criteria were typicality/social salience, data availability across multiple sources, and heterogeneity of fields, locations, and actors. Three PhD students coded risks from the direct causes reported in the sources and from the expert analyses those sources contained; a professor validated the coding. The final tree comprises 24 intermediate events and 47 basic events (coded as in Table 3 of the paper). Example causal logic: M1 (risk caused by individual) = M4 (insufficient security awareness) AND M5 (unsafe actions); M4 is caused by X1 or X2 or X3; M5 is caused by X4 or X5 or X6.
Analysis: Minimal Cut Sets (MCS) were derived using the Fussell–Vesely algorithm, which expands T through the logic gates into combinations of basic events. Structural importance (qualitative) was assessed approximately from the MCSs using principles by Barlow and Proschan, ranking basic events by their contribution to T according to the frequency and size of the MCSs in which they appear.
Key equations (× denotes an AND gate, + an OR gate): T = M1 × M2 × M3; M1 = M4 × M5; M2 = M7 + M8 + M9 + M10 + M11; M3 = M11 × X43.
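The cut-set derivation described above can be run on the part of the tree this summary actually gives. The following is an added example, not code from the paper: it uses a recursive gate expansion with Boolean absorption (same result as top-down Fussell–Vesely substitution) and one common size-weighted approximation of structural importance. Assumptions: M7 to M11 are treated as undeveloped leaves because their basic events are not listed here, so the output covers this truncated tree only and not the paper's full 47-event tree.

```python
from itertools import product

# Gates as given in the summary. M7..M11 are kept as undeveloped leaves
# (assumption): the page does not list the basic events beneath them.
GATES = {
    "T":  ("AND", ["M1", "M2", "M3"]),
    "M1": ("AND", ["M4", "M5"]),
    "M2": ("OR",  ["M7", "M8", "M9", "M10", "M11"]),
    "M3": ("AND", ["M11", "X43"]),
    "M4": ("OR",  ["X1", "X2", "X3"]),
    "M5": ("OR",  ["X4", "X5", "X6"]),
}

def minimize(cut_sets):
    """Boolean absorption: drop any cut set that strictly contains another."""
    unique = set(cut_sets)
    return {c for c in unique if not any(o < c for o in unique)}

def cut_sets(event, gates=GATES):
    """Expand `event` into its minimal cut sets (frozensets of leaf events)."""
    if event not in gates:
        return {frozenset([event])}
    kind, inputs = gates[event]
    children = [cut_sets(i, gates) for i in inputs]
    if kind == "OR":   # any one input is enough: pool the alternatives
        combined = set().union(*children)
    else:              # AND: take one cut set from every input and merge them
        combined = {frozenset().union(*combo) for combo in product(*children)}
    return minimize(combined)

def structural_importance(mcs):
    """Approximate score: sum of 1/2^(n-1) over each size-n cut set holding the event."""
    score = {}
    for c in mcs:
        for e in c:
            score[e] = score.get(e, 0.0) + 1 / 2 ** (len(c) - 1)
    return dict(sorted(score.items(), key=lambda kv: (-kv[1], kv[0])))

if __name__ == "__main__":
    mcs = cut_sets("T")
    print(len(mcs), "minimal cut sets for the truncated tree")
    for event, s in structural_importance(mcs).items():
        print(f"{event:4s} {s:.3f}")
```

Because M11 feeds both M2 and M3 in the equations as given, absorption removes every path through M7 to M10, and X43 sits in every remaining cut set, which is why it scores highest.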
Key Findings
- The completed fault tree includes 24 intermediate events and 47 basic events, yielding 1224 minimal cut sets (MCSs), indicating an extremely vulnerable system with many accident paths.
- Three intermediate events closest to the top event are most consequential: M1 (Risk caused by individual), M2 (Risk during data management), and M3 (Supervision absence). Within M2, the collection, storage, and usage stages show the densest risk branches.
- Structural importance ranking of basic events identifies: X43 (Lack of laws and regulations) as most important; X7 (Immature face recognition technology) as second; followed by individual-related factors X1 (Personal greed for small gains), X2 (Incautious about related products), X3 (Individuals lack deletion consciousness), X4 (Use of simple passwords), X5 (Casual uploading of facial data), and X6 (Downloading unapproved apps).
- Additional potential risk sources highlighted include vulnerabilities at IoE terminals (resource-constrained devices, untrusted physical environments) and insecure data transmission and processing in cloud environments.
- The analysis underscores manageability and traceability needs across the lifecycle and the necessity for multi-stakeholder governance to address legal, technical, managerial, and behavioral contributors to breaches.
Discussion
The results show facial data breaches arise from intertwined personal, managerial, and supervisory failures. The dominance of M1, M2, and M3 emphasizes that individual behavior (amplified by the privacy paradox and fatigue), lifecycle-spanning data management weaknesses (particularly in collection, storage, and usage), and regulatory gaps collectively drive breach risk. The highest-importance basic events indicate that maturing face recognition technology and establishing clear, enforceable legal frameworks and standards are pivotal for risk reduction. Education and nudging to improve individual awareness and safe practices can mitigate high-impact human factors (X1–X6). Recognizing terminal and cloud-layer vulnerabilities suggests technical mitigations such as stronger device security, encryption, authentication, least-privilege access, and architectures like edge/fog computing to localize processing and reduce exposure. The findings support a multi-stakeholder approach: legislators to define boundaries and standards; regulators to clarify authority and coordination; industry to implement robust controls and ethics reviews; and individuals to adopt safer behaviors. Collectively, these measures address the lifecycle manageability and traceability challenges identified by the fault tree.
Conclusion
This study applies Fault Tree Analysis to facial data breaches to construct a comprehensive, lifecycle-based causal map of risks in the IoE, yielding 24 intermediate and 47 basic events and 1224 minimal cut sets. It identifies three key intermediate drivers (individual risks, data management risks, and supervision absence) and ranks basic events by structural importance, with legal/regulatory absence and immature facial recognition technology as primary contributors, followed by critical human factors. Contributions include: (1) methodological innovation by using accident-analysis (FTA) to model data breaches systematically; (2) practical support for risk tracking and prioritization of controls across the lifecycle; and (3) theoretical insight that physiological data security is a systemic, collective governance challenge, with emergent risks from device and cloud layers. Future work could extend quantitative importance measures, broaden case datasets across jurisdictions and sectors, and evaluate the effectiveness of interventions such as edge/fog architectures, strengthened standards, and public education at scale.
Limitations