Foundations first

Before you get started, it is important to make sure you have the right foundations in place in your organisation to introduce and operate smart solutions in an effective and secure way.

This means having the right policies in place and making sure people in your organisation have the right skills and capabilities.

Policies for managing data

You will need to make sure you manage data from your smart solutions in a secure, responsible and appropriate way. Effective and secure data management is integral not just to achieving outcomes but to maintaining trust with your community.

You should:

• Develop robust data governance policies and protocols and ensure they are followed.
• Consider undertaking a review of skills and capability across organisations involved in delivering and operating the smart place to identify digital literacy/data management gaps. An up-skilling program and/or new resources may be needed address any gaps found.

Data sharing

While it is crucial to ensure the privacy and security of data is not compromised, data sharing between and within government levels can improve business competition, drive efficiency, and stimulate innovation generating new products and services.

Fostering a data-sharing culture, where place-owners and government agencies are open and transparent with their data, will ultimately provide better outcomes for citizens. Access to data collected by smart technologies across system, agency and jurisdiction boundaries will drive better decision making and improved customer-focused services and solutions.

The NSW Government Open Data Policy, requires NSW Government agencies to start from a position of data openness, promoting the release of data unless there are security or privacy implications. This is an approach that should be considered across the board.

During the Design stage, you will select platforms to help you share data.

Privacy and security by design

Data collected by Smart Places must be treated safely and securely. You must be transparent about and accountable for the data that is collected, how it is managed, used, stored, and disposed of, and who has access.

Community trust for smart places depends on close consultation with local communities about the data that is collected, the benefits it will generate and how it is treated.

The NSW Smart Places Data Protection Policy brings together legislation and policies relevant to the full lifecycle of smart places data and information. It will help you to uphold best practice and adhere to related policies and relevant laws, including the NSW Privacy and Personal Information Protection Act 1998.

Privacy and standards

ISO/IEC TS 27570, Privacy protection – Privacy guidelines for smart cities is a Technical Specification providing guidelines and recommendations for privacy protection in smart cities.

There are a range of privacy considerations surrounding governance, data management, risk management, engineering and citizen engagement.

The Technical Specification will help you protect privacy in your smart place and help you learn how standards can be used for the benefit of citizens.

Mandatory Notification of Data Breach Scheme

The Mandatory Notification of Data Breach (MNDB) Scheme will come into effect on 28 November 2023. These amendments impact the responsibilities of NSW public sector agencies or state-owned corporations under the Privacy and Personal Information Protection Act 1998 (PPIP Act). They require agencies to provide notification to affected individuals in the event of an eligible data breach of their personal or health information. Detailed information about the scheme is available at the NSW Information and Privacy Commission website.  

The Scheme will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy. Once the Scheme comes into effect, the Information Privacy Commission will report on how the Scheme is operating. Annual summary data will also be included in the IPC Annual Report. 

Cyber security

Being digitally connected, Smart Places can be a target for cyber attacks. Cyber risk management aims to reduce the impact of any malicious cyber activity by reducing vulnerabilities and providing appropriate monitoring, alerting and incident response.

The Australian Cyber Security Centre also recommends all organisations implement eight essential mitigation strategies to reduce the threat of cyber attack. Dubbed the 'Essential Eight' , these mitigations can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.

It is important to note that the Essential Eight does not have a certification process that entities/organisations can attest to. If you want to mandate the Essential Eight, you should consult existing suppliers/partners to establish the degree of conformance. The Essential Eight Maturity Model may assist you to check the performance of suppliers and partners.

You might want to examine whether the companies you are looking to engage meet international standards and what related security controls they adopt.

Cyber security standards

ISO/IEC 27001 Information Security Management Systems - Requirements provides a model on how to set up and operate a management system and so you can demonstrate conformance through an audit and certification process.

When you engage the market to procure smart solutions, you may consider asking suppliers to verify that they adopt and/or comply with ISO/IEC 27001. If they can do this, you can have a higher degree of confidence about the underlying security of their smart-places related technology. Companies might then also demonstrate additional cyber security capabilities.

Artificial Intelligence and Machine Learning 

Artificial Intelligence (AI) and Machine Learning include technology, programs and advanced computing algorithms that can augment decision-making by identifying meaningful patterns in data. 

AI is rapidly advancing with the recent explosion of Large Language Model based systems. These increases in processing power and ability to process ever growing data sets, have resulted in organisations looking to plan significant investment in enterprise-based AI. Current examples of AI in practice include voice recognition, ‘smart’ assistants such as Siri, Alexa, Cortana and Google Now, Microsoft Co-pilot, Google BARD, waste management and disposal, traffic management systems, robotics, facial recognition and crowd movement for public safety. 

Machine Learning, a subset of AI, offers the potential to automate procedural and administrative tasks, and enables numerous other technologies. In smart places, machine learning can also be used to evaluate the current condition of the smart devices, predict future behaviour, and optimise the operation of your assets.

The speed of technological evolution means that AI and machine learning also present new challenges that highlight the importance of meeting the highest privacy standards and pro-actively addressing ethical considerations. These include perpetuating biases and social disadvantages, legal complexities of AI use in decision-making, and the ability of certain AI technologies to self-learn. 

AI needs to be developed responsibly and with a clear focus on big-picture outcomes and an intimate understanding of policy settings and whole systems. This will ensure that  that the community can trust that the technology is being used appropriately, and that any unintended consequences are avoided or remedied quickly and effectively.

Resources for artificial intelligence and machine learning 

Resources for cyber security

Building capability and further learning

Institute of Applied Technology – Digital

Explore microcredentials and microskills at the Institute of Applied Technology - Digital.

A range of microcredentials and microskills are available in Artificial Intelligence, Cyber Security, Data Analytics, and more. Browse the catalogue online.

Discover more about the Smart Places Playbook