Authorities deal with the entities that create and enforce laws and regulations that may impact an organization's collection and use of private information. In the case of the talking doll example, a variety of laws may be at work. For example, the European Union Article 33 rules, the US Children's Online Privacy Protection Act (COPPA), and others may come into play. An IoT organization should identify all legal authorities and the applicable laws and regulations each authority imposes on the operation. Authorities may also have the ability to issue waivers and allow the collection and use of certain information, based on certain conditions. These should be identified as well.
If your IoT organization, like many IT operations, ...