There are (IMHO) various data ownership/retention issues which need addressing as well across this much-vaunted "internet of things".
A good example is the "black box" which insurance companies are keen to push with discounts for younger drivers. Who owns the recorded data? This is important because without exception it will show the driver exceeding a speed limit at some point - we all do it, whether by accident or otherwise. If the insurance company owns & stores the data then the govt could pass a retrospective law (its been done) to give them access to the data and fine the drivers without the incovenience/cost of hearings/trials. Quite the little money-spinner if they said "pounds or points, you choose"
The problem with the technology is simply that (like the home router market) there's a lot of stuff which won't be supported past next year so if its wide open to exploits a few years on then what do you do about it? More importantly how would you know?
You think your house is nice & warm but you get a huge bill, energy company says "you set it wrong", two years down the line you hear that a sales manager from your energy company has been done for fraud - inflating his teams bonuses by boosting thermostats on a random basis. Doesn't sound that far-fetched does it?