A plethora of smart building systems and sensors can streamline processes and protect occupants' well-being. The problem, however, is that these digital tools have the potential to be abused, creating a potential liability when it comes to in-building occupant privacy and data protection. Let’s look at some of the potential problems that smart building managers face when it comes to striking a balance between building automation and occupancy betterment and what you can do about it.
Identify Critical Systems That Need Protection
There are a number of smart systems and IoT sensors that can lead to stolen personally identifiable information (PII) and misuse by administrators. That’s why it’s essential to deploy these types of technologies with a priority on privacy and robust security. However, to start this process, it is crucial first to identify the types of smart building technologies most likely to cause occupant privacy challenges. While there are a wide range of smart building technologies available today, the most critical systems to protect first include:
- Surveillance cameras. Cameras have grown increasingly sophisticated and now offer ultra-high definition resolution and facial recognition for easy occupant identification.
- Access control systems (ACS). Access control, either standard or biometric, can always be tied back to a single user or occupant.
- Smart meters. Granular control over HVAC, water and electricity usage can be used to track one or more users within a building to create individual profiles that could be abused.
- Location tracking. These tools and sensors monitor occupant movements within a campus or building for improved HVAC and smart lighting efficiencies. Even the network can track the location of active wired and wireless users as they move throughout a facility. Location-based information may lead to misuse if left in the wrong hands.
How to Protect Occupant Data in Smart Buildings
Now that we’ve highlighted some of the more popular technologies that can create privacy concerns, the next step is to figure out how to protect data from being lost, stolen or misused. Examples of ways to better protect and monitor occupant data include:
- Control access to collected data. Track and monitor who has access to occupant data and identify data usage to spot anomalies that may constitute misuse. This data should be audited on a regularly scheduled basis.
- Data encryption. Ensure that sensitive occupancy data is encrypted while stored (at rest) as well as in motion as it moves across the network.
- Data storage locations. Understand and track prciesly where occupancy data is stored. In some cases, this may be a combination of on-premises and cloud or off-site data center facilities.
- Consent forms. Require that tenants sign consent forms so they understand the types of data being collected, their intended use and how you plan to secure it.
- Third-party security audits. Create a policy that requires regular third-party audits from a reputable security firm that verify and validate whether the security protections you have in place are operating as intended and have no glaring gaps where tools and policies can be bypassed.
Build-in Data Privacy on Day One
Ideally, your goal as a building owner or operator is to ensure that smart building technologies that collect and analyze occupant PII use the concept of “privacy by design.” This is where the necessary security measures are built into a smart building technology during the design phase of the integration. Using this method better ensures that security tools, processes and policies are tightly engrained into systems as opposed to bolting on security as an afterthought.
Also note that many city, state and federal regulations require that PII data be strictly controlled. Baking in the necessary security precautions at first deployment is advantageous as it creates the foundation to ensure that security gaps are not overlooked.