Perhaps the darkest side of the data-privacy issue involves consumer wearables like fitness trackers, where any personal data emitted is up for grabs. Users essentially give up the right to keep any personal information private when they accept a wearable's terms of service, which often contain vague language and notions.
"In order to get some benefit, you need to share information with various apps — say, the route you ran or cycled," said Robert Clyde, certified information security manager of ISACA, a global cybersecurity association. One of the dangers of sharing such information is that it's potentially being collected by data brokers, firms that seek personal information about individuals from a host of online and offline sources and then sell it to companies who use the data in various ways.
According to an FTC report, much of the information being brokered is used for marketing purposes. But there are also worries that insurance firms are using it to classify individuals, which might impact premiums. And potential employers could be mining it in an effort to steer clear of hiring someone — say, a diabetic — who might end up costing more in terms of health benefits.
"If you're going for a new job and have shared all kinds of information via social media — like your blood sugar levels, if you're a diabetic — if the potential employer picks up on that, he might not be that motivated to bring a diabetic on board," Clyde said.
Until regulations catch up to the loopholes associated with the technology — Goodnow predicts that we'll see cases popping up in the next several months to the next several years that will help sort out such issues — experts say it's essential for consumers to become better versed in what they're giving away when signing on to use a new device, medically certified or not.
After all, "there's no way to make [a device or system] 100 percent secure," said Cigital's McGraw.
— By Maggie Overfelt, special to CNBC.com