Imagine a day where any part of a building can report its own state of health, when a machine can tell you if it is feeling unwell and 'needs a service', when you can track and prevent, before it happens, a water or gas leakage - all from the convenience of your own smartphone or laptop at home.
This is no longer imagination - this day is now!
The real estate industry is fast becoming influenced by rapid technological advancements. Technology is a significant source of disruption and opportunity, particularly in buildings and modern infrastructure. Buildings are changing. They are no longer just bricks and mortar. While it is not new for technology to form part of the inner workings of a building, sophisticated and advanced technologies are now being integrated into designs and building management systems that underpin most modern building structures. These building management systems are no longer fully segregated from conventional IT networks such as servers, customer relationship management or online payment systems. Buildings are becoming more mobile, flexible and connected - in effect becoming 'smart'.
Landlords, tenants and owners are becoming increasingly reliant upon, and are leveraging, sophisticated new technologies in the day-to-day use of spaces, resulting in greater amounts of data being captured in buildings, office towers and homes around the country. Digital technology is reportedly being used by owners and landlords to assist in brick and mortar sales, for example in retail centres with the goal being to guide a customer from the start of their product acquisition right through to purchase (i.e. a customer searches for a product on Google, finds the product at the shopping centre, is digitally guided by the landlord / centre to an open parking space at the property and then to the store to collect the product).
In hotels, cashless payment technologies are used to increase on-site spending patterns. In offices, mobile and wireless technologies support recent trends towards more open and collaborative workspaces. Employee movements around a floor can be recorded and the resulting data can be put to multiple uses - i.e. by staff to work out where may be busy or quiet in the office, or by organisations to cut cleaning costs, allowing them to focus on cleaning busy areas rather than unused areas. Lighting, humidity and temperature can all be pre-recorded and customised, window coverings can be programmed to block harsh light at certain times of the day, security passes can record movements and time entries, or indeed facial recognition can replace card activation altogether.
It is abundantly clear that such 'smart' buildings are invaluable for landlords in automating building management systems, for employers in improving workplace management and the work environment, and for tenants in increasing footfall to their unit. The data collected can be put to a myriad of uses, including increased efficiency and reduced maintenance costs. But, as with all big data collection, the use, storage and processing of personal information raises privacy, security and contractual issues for all involved.
In particular, employers need to consider the impact of the Privacy Act 1993 when collecting data relating to their employees and ensure that they have an appropriate policy in place to notify their employees of the parameters of any potential surveillance or monitoring.
Landlords, tenants, operators and managers must all be cognisant of their legal obligations and responsibilities in complying with applicable privacy laws when collecting personal data. Who is your privacy officer? Are you collecting more than you need or holding for longer than necessary? Are your visitors aware of any surveillance or monitoring?
Data breaches are increasing in New Zealand
Without mandatory reporting, there were 148 reported data breaches in 2016 (up from 121 in 2015). The number of actual breaches is likely substantially higher. Following Australia's passing of mandatory data breach reporting in February 2017, New Zealand is likely to follow suit, with the Privacy Commissioner expecting this to be part of a new Privacy Act along with fines of up to NZ$1 million for serious privacy breaches.
It will be important for all those involved in smart buildings to know, if a breach occurs, who is liable. What if the breach impacts more than one individual (i.e. tenants of a building)? How has contractual liability for personal data breaches been apportioned? Do you know what action to take if the building becomes a target for cyber criminals? How current are your incident response plans? When were they last tested? Do you or should you have cyber insurance?
Security breaches in smart buildings are becoming increasingly common with cyber criminals targeting vulnerable building management systems, for example the most recently reported attack on overseas government facilities. Retailers and tech giants are also not immune, with Google's building management system in Sydney being infiltrated by researchers seeking to prove a point. It goes without saying that apart from the costs, the significance of data and security breaches can cause (sometimes irreparable) damage to an organisation's reputation and bottom line. A case in point is the recent vulnerability in Australian retailer Target's HVAC platform allowing access to the credit card information of millions of customers.
The most recent ransomware cyber-attack 'WannaCry' which impacted multiple organisations and governments in over 150 countries around the world, brings home to all of us the inherent vulnerability in many organisation's existing infrastructure to cyber-attacks. Albeit outdated software was the focus in this incident, the importance of security vigilance by all organisations cannot be overstated.
Owners, landlords and tenants of smart buildings would be wise to closely consider their data and security protocols and the types of information and data they may be collecting through the use of advanced systems in buildings and how best to protect users from exposure of personal information. Cybersecurity and data protection are not just issues for the IT department, they are business critical issues which must be addressed at the highest level. Advanced data encryption, tested security protocols, privacy and security by design processes, compliant data policies and procedures, and a heightened awareness of these issues and risks will ensure a long reign to the smart buildings of our future.