Foundations first

Before you get started, it is important to make sure you have the right foundations in place in your organisation to introduce and operate smart solutions in an effective and secure way.

This means having the right policies in place and making sure people in your organisation have the right skills and capabilities.

Policies for managing data

When used effectively, data provides rich insights to aid decision-making, and ultimately drive better outcomes that people can really see and feel.


You will need to make sure you manage data from your smart solutions in a secure, responsible and appropriate way. Effective and secure data management is integral not just to achieving outcomes but to maintaining trust with your community.

You should:

  • Develop robust data governance policies and protocols and ensure they are followed.
  • Consider undertaking a review of skills and capability across organisations involved in delivering and operating the smart place to identify digital literacy/data management gaps. An up-skilling program and/or new resources may be needed address any gaps found.

Smart Place Resource: Data for Places – A practitioner’s guide

This document has been developed to guide practitioners or place owners, through the application of data in the management and monitoring of place.

Download: Data for Places – A practitioner’s guide (PDF, 968.5 KB)


Data sharing

While it is crucial to ensure the privacy and security of data is not compromised, data sharing between and within government levels can improve business competition, drive efficiency, and stimulate innovation generating new products and services.

Fostering a data-sharing culture, where place-owners and government agencies are open and transparent with their data, will ultimately provide better outcomes for citizens. Access to data collected by smart technologies across system, agency and jurisdiction boundaries will drive better decision making and improved customer-focused services and solutions.

The NSW Government Open Data Policy, requires NSW Government agencies to start from a position of data openness, promoting the release of data unless there are security or privacy implications. This is an approach that should be considered across the board.

During the Design stage, you will select platforms to help you share data.

Privacy and security by design

Data collected by Smart Places must be treated safely and securely. You must be transparent about and accountable for the data that is collected, how it is managed, used, stored, and disposed of, and who has access.

Community trust for smart places depends on close consultation with local communities about the data that is collected, the benefits it will generate and how it is treated.

The NSW Smart Places Data Protection Policy brings together legislation and policies relevant to the full lifecycle of smart places data and information. It will help you to uphold best practice and adhere to related policies and relevant laws, including the NSW Privacy and Personal Information Protection Act 1998.

Privacy and standards

ISO/IEC TS 27570Privacy protection – Privacy guidelines for smart cities is a Technical Specification providing guidelines and recommendations for privacy protection in smart cities.

There are a range of privacy considerations surrounding governance, data management, risk management, engineering and citizen engagement.

The Technical Specification will help you protect privacy in your smart place and help you learn how standards can be used for the benefit of citizens.

Mandatory Notification of Data Breach Scheme

The Mandatory Notification of Data Breach (MNDB) Scheme will come into effect on 28 November 2023. These amendments impact the responsibilities of NSW public sector agencies or state-owned corporations under the Privacy and Personal Information Protection Act 1998 (PPIP Act). They require agencies to provide notification to affected individuals in the event of an eligible data breach of their personal or health information. Detailed information about the scheme is available at the NSW Information and Privacy Commission website.  

The Scheme will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy. Once the Scheme comes into effect, the Information Privacy Commission will report on how the Scheme is operating. Annual summary data will also be included in the IPC Annual Report. 

Cyber security

Being digitally connected, Smart Places can be a target for cyber attacks. Cyber risk management aims to reduce the impact of any malicious cyber activity by reducing vulnerabilities and providing appropriate monitoring, alerting and incident response.

Cyber security policies and procedures should be embedded into risk management practices and assurance processes.


The Australian Cyber Security Centre also recommends all organisations implement eight essential mitigation strategies to reduce the threat of cyber attack. Dubbed the 'Essential Eight' , these mitigations can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.

It is important to note that the Essential Eight does not have a certification process that entities/organisations can attest to. If you want to mandate the Essential Eight, you should consult existing suppliers/partners to establish the degree of conformance. The Essential Eight Maturity Model may assist you to check the performance of suppliers and partners.

You might want to examine whether the companies you are looking to engage meet international standards and what related security controls they adopt.

Cyber security standards

ISO/IEC 27001 Information Security Management Systems - Requirements provides a model on how to set up and operate a management system and so you can demonstrate conformance through an audit and certification process.

When you engage the market to procure smart solutions, you may consider asking suppliers to verify that they adopt and/or comply with ISO/IEC 27001. If they can do this, you can have a higher degree of confidence about the underlying security of their smart-places related technology. Companies might then also demonstrate additional cyber security capabilities.

Artificial Intelligence and Machine Learning 

Artificial Intelligence (AI) and Machine Learning include technology, programs and advanced computing algorithms that can augment decision-making by identifying meaningful patterns in data. 

AI is rapidly advancing with the recent explosion of Large Language Model based systems. These increases in processing power and ability to process ever growing data sets, have resulted in organisations looking to plan significant investment in enterprise-based AI. Current examples of AI in practice include voice recognition, ‘smart’ assistants such as Siri, Alexa, Cortana and Google Now, Microsoft Co-pilot, Google BARD, waste management and disposal, traffic management systems, robotics, facial recognition and crowd movement for public safety. 

Machine Learning, a subset of AI, offers the potential to automate procedural and administrative tasks, and enables numerous other technologies. In smart places, machine learning can also be used to evaluate the current condition of the smart devices, predict future behaviour, and optimise the operation of your assets.

The speed of technological evolution means that AI and machine learning also present new challenges that highlight the importance of meeting the highest privacy standards and pro-actively addressing ethical considerations. These include perpetuating biases and social disadvantages, legal complexities of AI use in decision-making, and the ability of certain AI technologies to self-learn. 

AI needs to be developed responsibly and with a clear focus on big-picture outcomes and an intimate understanding of policy settings and whole systems. This will ensure that  that the community can trust that the technology is being used appropriately, and that any unintended consequences are avoided or remedied quickly and effectively.

Resources for artificial intelligence and machine learning 

NSW Government AI Policy and User Guide

The NSW Government AI Policy and User Guide provide clear guidance on the safe use of AI and finding the balance between opportunity and risk while putting in place those protections that would apply for any service delivery solution.

AI Ethics Policy 

The AI Ethics Policy provides a set of key principles that guide the ethical use of AI by the NSW Government and ensure that any projects with an AI component align with best practice. These focus on community benefit, fairness, privacy and security, transparency and accountability.


Resources for cyber security

NSW Cyber Security Policy

The NSW Cyber Security Policy outlines the mandatory requirements for all NSW government departments and Public Service agencies, to ensure cyber security risks to their information and systems are appropriately managed.

Smart Places Customer Charter

Developed by the NSW Department of Planning, Industry and Environment, the Smart Places Customer Charter includes a commitment by the NSW Government and its agencies to adhere to the Data Protection Policy and related legislation.

NSW Smart Places Data Protection Policy

This Policy is designed to support the NSW Smart Places Customer Charter and help you to uphold best practice and adhere to related policies and relevant laws, including the NSW Privacy and Personal Information Protection Act 1998.

Information and Privacy Commission's Digital Projects Fact Sheet

The Information and Privacy Commission's Digital Projects Fact Sheet (PDF, 217.5 KB) provides you with guidance on the information access and privacy issues they should consider when designing and implementing Smart Place solutions.

Information and Privacy Commission's Guide to Privacy Impacts Assessments

The Information and Privacy Commission's Privacy Impacts Assessment will help you assess the impacts on the privacy of a project, technology, product, service, policy, programme or other initiative and, in consultation with stakeholders, for taking remedial actions as necessary in order to avoid or minimise negative impacts.

Information and Privacy Commission’s Guide to: Mandatory Notification of Data Breach Scheme

The Mandatory Notification of Data Breach Scheme comes into effect on 28 November 2023. It will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy. Additional resources including fact sheets and resources for agencies is available at the Information Privacy Commission website.

Building capability and further learning

Smart NSW Case Study Library

The Smart NSW Case Study Library is a resource showcasing great outcomes for people and places enabled by smart technology and data solutions. Browse the library online to see examples of relevant projects in the foundations-first stage.

SmartNSW Masterclasses

The SmartNSW Masterclass series is building a confident, skilled public sector workforce, able to use technology and data as core business. Relevant sessions are highlighted below.

2023:Trust and tech in smart places

This masterclass helps place and precinct managers and councils to deliver smart solutions safely, ethically and transparently, growing community involvement and engagement.


2021 Smart Places Masterclass Series

Co-hosted with the Australian Computer Society, this series explored core drivers in smart places.

Relevant sessions include:


Institute of Applied Technology – Digital

Explore microcredentials and microskills at the Institute of Applied Technology - Digital.

A range of microcredentials and microskills are available in Artificial Intelligence, Cyber Security, Data Analytics, and more. Browse the catalogue online.

Provide and share feedback

  • Is the Playbook easy to use?
  • Is there information missing?
  • Send us case studies and tools that may be useful to others.
  • Share lessons you have learned that can benefit others.



Discover more about the Smart Places Playbook