To add to this, a good idea would probably be either a physical "allow access" button on the device (think like the clicky button on top of the Philips Hue hub), or a secure random password physically printed on the device that's the default access password.
Think carefully and lock-it down (not as an afterthought), because unsecured IoT can be exploited to cause devastating harm.
Phoning home should be disclosed and disable-able because you're opening up an attack surface and a privacy risk. And, if there's no clock synchronization, it will be impossible to check the validity of X.509 certificates used in https://.
You should support APIPA and Zeroconf.
Bonus points for Bluetooth to allow configuration from a mobile app. The mobile app should also be able to securely download and send a firmware update.
ZigBee is also low-power and mesh oriented, but will need a bridge/gateway to the internet to be connected.
Device pairing like NetVue cameras having QR barcodes and/or Bose headphones with NFC might be Good Ideas™ too.
What info are you using? If it's weather, let me pick a provider. If it's satellite imagery, let me update the domain if necessary manually. If it's something that only you provide, put it on github. If it constantly needs updating, find a place that will re-index it. Doi.org is a suitable solution for a lot of things, is there a case that i am not covering?
I'm not the embedded guy on the project but my thought was to use a domain name and have it check a DNS every hour.
That would solve it?