Establishing a robust data management policy will be one its greatest challenges a city faces on the journey to establishing itself as a 'Smart City'. Without appropriate data management, the needs of a Smart City and those of the individual are on a collision course:
1. At the very least, a smart city system needs to gather, store and analyse data from multiple sources. To be effective the smart city must make this data open to a community of coders to create the applications needed to exploit this data. This is called Open Data. However, Open Data –increases exposure to data breaches. The reputation risk and adverse publicity of mishandling individual and corporate data are well known.
2. City governments need to secure and protect data they gather from citizens. To ensure they do, citizens should have a right to opt out if they are not confident with the city’s arrangements. One could even argue that choosing to ‘opt-in’ should be the default. A data management policy which does not instill confidence may lead to large opt-out numbers. This raises questions about the quality and usefulness of the data. Is it accurate, current and complete? Is the data representative of the city and its citizens?
Developing policies and procedures to properly manage the control of personal and corporate data are not trivial. Support and advice is available, for example, the British Standards Institute has developed PAS 185 Smart Cities, a new Smart Cities specification for safeguarding data and information security in cities. PAS 185 outlines the potential security threats to a smart city as well as outlining appropriate responses to those threats. Whilst PAS 185 is optional, however, other frameworks are not. GDPR [General Data Protection Regulatory] was introduced by the EU in 2016 to replace the original Data Protection Act. The new GDPR is a framework designed to protect citizen data. With fines of up to 4% of global revenues and headline requirements including:
· Companies must hire a data protection officer.
· Mandatory data breach notification.
· Privacy by design and by default as legal requirements.
GDPR does much to focus the attention of organisations which do business in Europe upon their obligations to protect personal data. Understanding these regulations however and adopting the right data management strategy adds a further layer of complexity to an already complex issue. Arriving at a good data management policy whilst wading through the morass of regulations, advice and holding down business as usual, is often quoted by cities as one of the main reasons why they are reluctant to embark upon Smart City projects. The Royal Academy of Engineering highlighted that there are genuine dilemmas in this area. These, it argues, represent barriers to adopting smart infrastructure.
Collection, processing and storage of personal data can be of great benefit to citizens, but user’s privacy concerns must be addressed.
A process of Becoming Smarter is a pragmatic way of dealing with the difficulties cities face on the journey to becoming a Smart City. Becoming smarter describes a risk mitigation technique using discrete projects but mindful of the 'bigger picture'. By ‘experimenting’, the city can learn to manage smart projects, measure benefits and pass on lessons learned to the next project - slowly growing in confidence while limiting risk. Nowhere is this more relevant than in developing the city’s data management policy. The city can investigate issues like data ownership, privacy, security and the ethics of data management in a controlled fashion, minimising risk as it moves towards a data management policy which is appropriate robust and fit for purpose.
If you would like to talk to know more about ‘Becoming Smarter’, the Wireless Explorers approach to becoming a Smart City please contact us directly through firstname.lastname@example.org