Privacy is considered a basic human right, but how private are our lives when our commercial buildings are full-to-the-brim with IoT devices, smartphones, wearable devices, and AI-driven building automation systems? Is all that stuff cool, or just a bit creepy?
We believe that with the right blend of edge-to-cloud security and a benefit-driven approach to ‘smart’, building owners and IT professionals do not need to sacrifice data privacy or resilience in the quest to improve comfort, tenant well-being, and sustainability scores.
So, here are 5 smart building tips to help future-proof cyber security threats, and minimize those 'big brother vibes' often associated with tech deployed badly:
1. Consent and communication
Data privacy begins with user consent and transparent internal communication. All stakeholders (staff, visitors, and operational teams) must understand what technology you’re implementing and why. No one wants to turn up to a meeting room to find a mysterious sensor on the ceiling or feel like their desk booking app has some hidden coffee break tracker (don’t worry, they don’t).
But be upfront and honest about why you are collecting data and distribute clear GDPR-compliant documentation explaining why. Tenants and staff will buy into the goal of making the office a cooler, more productive, and more sustainable place to work.
What about consent and communication on the tech side? Most good software vendors – whether their product is a data platform, sensor, app, or full-stack offering - should work in partnership with you, the smart workplace management team, to educate your users. This shouldn’t just happen in the initial onboarding stage, but throughout the lifecycle of your time with that digital product. So try and choose a vendor that priorities education and transparency, supports tailored opt-in/out services, and allows you and your people to flexibly edit policies and workplace preferences - remember they can shift over time. According to a 2021 paper by Harper et al most smart building occupants are not familiar with the types of data being collected, that is subtly related to them, nor the privacy risks associated with it - as an industry we need to get better at this.
Tip: Be upfront and honest about what data you are collecting. Craft and distribute fresh GDPR-compliant documentation and technology that requests consent, where appropriate.
2. Minimize intrusive technology – do not observe or control employees Smart buildings don’t need cameras, sensors, and screens popping out of every wall and crevice to be smart. Overtly intrusive technologies (e.g. CCTV) can have the opposite effect on well-being as it heightens the sense of mistrust and hostility between staff and employer; yet not all forms of IoT are as intrusive as you might think.
Here are some privacy myths that need debunking:
I am being watched: Machine-vision sensors (the ones which count occupancy levels through camera lenses) do not track individuals or capture personally identifiable information (PII). Contrary to the hype, the images processed by these cameras are at an ultra-low resolution which despite giving a high degree of people-counting accuracy, still ensures individuals remain anonymous.
Data about me is being stored Raw data is usually destroyed at the edge (via E.L.S technology), and there is no metadata associating counts with people or their location.
Tip: Landlords and tenants should choose technologies that empower their teams to collaborate and thrive, not make their people feel tracked and controlled.
3. Implement edge-to-cloud security best practice
A data breach in any industry can have catastrophic consequences, but this is especially true when an asset (in this case your building/real estate portfolio) is underpinned by an ecosystem of growing IT, OT, and IoT building data. More devices and vendors can equal increased security vulnerabilities, so a true edge-to-cloud smart building should:
Anonymize data for privacy purposes
Respect data ownership and consent – if you’re a SaaS customer, it’s all your data.
Implement secure industry-standard protocols for data sharing across your digital systems – think BACnet, MQTT, AMPQ, OPC UA, Modbus, and others
Implement encrypted communications (based on TLS 1.2 or higher) for secure data transactions
Ensure data is stored in the highest security datacenters
Choose vendors that are independently verified against cyber security standards like ISO/IEC 27001 and Cyber Essentials.
Tip: Find and choose vendors that can prove they take data security very seriously.
4. Focus on the data you already have and then identify the gaps Your office, hospital, school, or factory likely already has a lot of data in it – you just need to bring that (often disconnected) data together in an augmented way that allows you to gather meaningful insights and value. By starting with what you have, firms can uncover hidden insights related to strategic goals like occupancy vs energy usage, Indoor Air Quality performance vs HVAC efficiency, and normalized lighting levels vs actual space use. Start with what you have, and build from there.
Tip: audit what data you already have and evaluate how you could use it smarter.
5. Define who accesses what data – role-based access control It’s crucial that data only enters the hands of those who have been granted access to view it. Smart Building platforms should manage precise access to specific data, resources, and actions through OAuth2.0 tokens or similar authorization protocols.
Tip: choose a technology vendor that makes it easy to implement role-based access control (RBAC) to data
Let’s get started Want to level-up your buildings data security standards? Interested in how your company can extract more out of your existing data?