The Internet of Things has a privacy problem. More specifically, a lack of privacy problem. It goes something like this:
1) Nothing on the Internet is private
2) IoT devices are, by very definition, connected to the Internet
Q.E.D. Devices on the IoT are not private.
There are certainly plenty of ways to make connected devices more private. Multi-layered security, consumer education programs and of course omitting personal data collection and utilization from IoT devices can all go a long way toward making such systems less prone to leak private data, but the long and short of the story is this: IoT devices aren't ever going to be 100% private and secure. Now we, as consumers and users of these systems, just have to decide what our collective tolerance for lack-of-privacy is. Or, more likely, what we're going to demand in exchange for giving up private data on purpose. Keith Winstein over at Politico has dubbed this the "right to eavesdrop on your things," and there's a good reason to worry: if history is any indicator, the collective "we" will be willing to give up plenty of rights for very little in return, and the not-so-collective I, and others like me, will not be able to do much about it.
But that's not to say that people aren't trying to get ready for it. Stanford has a secure IoT initiative that specifically references privacy plans, and plenty of industry groups are trying to stake out some position in the privacy arena, if for no other reason than they're terrified of government intervention. But if these efforts turn out to be anything like the successive attempts to establish a privacy code of conduct in the digital signage industry, a bunch of words will be generated by well-meaning industry folk, they will be completely ignored by those implementing the systems (and those who stand to profit from them), and everyone will cross their fingers and hope for the best.