In-building IoT can produce plenty of value, but the overbearing surveillance and data collection of occupant movements might end up backfiring due to privacy concerns. However, many IT experts believe IoT can help support the physical safety of occupants without seeming as if it is surveilling occupants at every moment of the day. Here are three recommendations on how owners and property managers can deploy smart building IoT without alarming those concerned with the erosion of personal data privacy.
Don’t deploy surveillance cameras everywhere just because you can
Given the low cost and ease of deployment options of modern surveillance cameras, going overboard on camera installation is all too easy. While many occupants understand the need for audio/video surveillance at specific entry/exit points within a building, some areas should be off limits—specifically, anywhere in a building where sensitive business information could be overheard or caught on video, such as private offices and conference rooms. In many circles, concerns over surveillance camera misuse—eavesdropping or misuse or theft of footage by nefarious actors—are valid.
Be up front about the purpose of occupant tracking
People-counting, hallway and entry/exit point heat maps, temperature checks, and door controller tracking are some ways to track migration patterns and to pinpoint where occupants are in a building in real time. Collecting this data is often used for improving heating, cooling, and air-quality efficiencies. If occupants are made aware that this data that the purpose for this type of data collection is for nonsurveillance and nonindividual tracking purposes, they’ll likely feel more comfortable.
Given the low cost and ease of deployment options of modern surveillance cameras, going overboard on camera installation is all too easy.
Create and distribute a data collection and usage policy document
Business leaders and their legal team should draft and make available a policy document to occupants that highlights what personal data is collected, who owns the data, and how that data is used. Information regarding how potentially sensitive data sets are anonymized and/or abstracted will help ease minds when it comes to working and interacting with smart building IoT.
Potentially identifiable data can be purposefully anonymized through a process referred to as “de-identification” in IT/OT security circles. De-identification can be accomplished by way of data hashing, with the eventual discarding of personally identifiable information (PII). If PII must remain for a period of time, information on the handling of secure partitioning and encrypted storage should be presented to those that request it. A company’s IT department typically manages and automates the de-identification process.
This policy document should detail whether occupants can choose to opt out of any data collection practices. Being upfront about collection practices and occupant options should help eliminate unease over IoT privacy concerns.
Privacy concerns over IoT data collection will likely shift over time
In all likelihood, smart building IoT privacy worries will ease over time similar to how concerns have ebbed over online credit card usage during the early days of the internet. As more buildings become outfitted with similar surveillance technologies and as owners provide relevant, informative details to occupants to address concerns, fears over data mishandling will subside. In the current climate, expect some pushback by people who work or lease space in smart buildings. As a result, owners should deploy smart building IoT with great care and transparency.