Smart Buildings & Cities News South Africa

Smart buildings: Data generated must be PoPIA compliant

While architects and building owners increasingly turn to technology to deliver buildings that are not only intelligent and more energy efficient but also hygienically safe, data and personal information protection measures should be a key consideration.
Image supplied
Image supplied

“The creation of smart buildings can yield considerable value when it comes to monitoring occupancy rates and supporting a safe and healthy environment, but it must be remembered that digitally engineered buildings generate a substantially large quantity of data,” says Databuild CEO Morag Evans.

“And while the collection of data can be extremely useful in gaining insights that help improve the overall safety and wellbeing of building occupants, gathering information on behavioural patterns includes personal data and this must be processed in a manner that does not infringe on building occupants’ rights,” she cautions.

The Protection of Personal Information Act (PoPIA), which came into effect on 1 July, specifically seeks to protect personal information and prevent it from being misused and abused.

According to the Act, everyone has a right to privacy and protection against the unlawful collection, retention, dissemination and use of personal information. Failure to comply with the legislation can lead to hefty fines of up to R10m and/or imprisonment of up to 12 months.

“The management and protection of personal data is therefore a key consideration for smart building owners and landlords,” says Evans.

Minimise data collection

“One of the best ways to mitigate the risk of non-compliance with PoPIA regulations is to minimise the volume of data that is collected,” she advises.

“Only collect what is necessary for immediate usage. For example, temperature and lighting sensors can be used to change settings when persons enter and leave a room. Storing users’ individual preferences significantly increases the volume of data being collected as the system is required to ‘remember’ these preferences. Sensors that function on standard settings, however, are far less data dependent.”

Ensure data security

The PoPI Act also requires that adequate control measures be put in place to safeguard all the data being collected.

“Building owners and landlords are not only required to ensure that the data is secure from a technical perspective, but also that in the event of a data breach, the fallout can be dealt with effectively and speedily.

“The larger the amount of data collected, the harder this is to do,” Evans points out.

Design with PoPIA in mind

“The coronavirus has redefined the way people relate to the buildings in which they work, live and meet, and technology – and the data it generates – is playing a pivotal role in the development of safe and efficient spaces.

“It is therefore imperative that these smart infrastructures are designed and built with data and personal information protection measures in mind to ensure that this data does not fall into the wrong hands,” Evans concludes.

Let's do Biz