Before you get started, it is important to make sure you have the right foundations in place in your organisation to introduce and operate smart solutions in an effective and secure way.
This means having the right policies in place and making sure people in your organisation have the right skills and capabilities.
Policies for managing data
You will need to make sure you manage data from your smart solutions in a secure, responsible and appropriate way. Effective and secure data management is integral not just to achieving outcomes but to maintaining trust with your community.
- Develop robust data governance policies and protocols and ensure they are followed.
- Consider undertaking a review of skills and capability across organisations involved in delivering and operating the smart place to identify digital literacy/data management gaps. An up-skilling program and/or new resources may be needed address any gaps found.
The NSW Government Data Strategy guides the use and management of data across government.
The NSW Data Governance Toolkit helps the NSW Government to achieve the potential gains from the exponential volumes of data being created, guiding a coordinated and consistent approach to data governance that is built on a common understanding of its benefits, obligations and best practice.
The Data.NSW website hosts a full and up-to-date list of all the legislative and policy requirements you need to be aware of when you are handling and managing data.
While it is crucial to ensure the privacy and security of data is not compromised, data sharing between and within government levels can improve business competition, drive efficiency, and stimulate innovation generating new products and services.
Fostering a data-sharing culture, where place-owners and government agencies are open and transparent with their data, will ultimately provide better outcomes for citizens. Access to data collected by smart technologies across system, agency and jurisdiction boundaries will drive better decision making and improved customer-focused services and solutions.
The NSW Government Open Data Policy, requires NSW Government agencies to start from a position of data openness, promoting the release of data unless there are security or privacy implications. This is an approach that should be considered across the board.
During the Design stage, you will select platforms to help you share data.
The NSW Data Governance Toolkit will help you to maintain effective data governance when you share your data with others.
Privacy and security by design
Data collected by Smart Places must be treated safely and securely. You must be transparent about and accountable for the data that is collected, how it is managed, used, stored, and disposed of, and who has access.
Community trust for smart places depends on close consultation with local communities about the data that is collected, the benefits it will generate and how it is treated.
The NSW Smart Places Data Protection Policy brings together legislation and policies relevant to the full lifecycle of smart places data and information. It will help you to uphold best practice and adhere to related policies and relevant laws, including the NSW Privacy and Personal Information Protection Act 1998.
NSW Government agencies involved in smart place initiatives must adhere to the Smart Places Data Protection Policy. If you work for a different organisation, we recommend you consider it as a guide to help you achieve best practice.
Privacy and standards
ISO/IEC TS 27570, Privacy protection – Privacy guidelines for smart cities is a Technical Specification providing guidelines and recommendations for privacy protection in smart cities.
There are a range of privacy considerations surrounding governance, data management, risk management, engineering and citizen engagement.
The Technical Specification will help you protect privacy in your smart place and help you learn how standards can be used for the benefit of citizens.
Mandatory Notification of Data Breach Scheme
The Mandatory Notification of Data Breach (MNDB) Scheme will come into effect on 28 November 2023. These amendments impact the responsibilities of NSW public sector agencies or state-owned corporations under the Privacy and Personal Information Protection Act 1998 (PPIP Act). They require agencies to provide notification to affected individuals in the event of an eligible data breach of their personal or health information. Detailed information about the scheme is available at the NSW Information and Privacy Commission website.
The Scheme will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy. Once the Scheme comes into effect, the Information Privacy Commission will report on how the Scheme is operating. Annual summary data will also be included in the IPC Annual Report.
Being digitally connected, Smart Places can be a target for cyber attacks. Cyber risk management aims to reduce the impact of any malicious cyber activity by reducing vulnerabilities and providing appropriate monitoring, alerting and incident response.
The NSW Cyber Security Policy is a requirement for all NSW Government agencies, and if you are from another organisation, we encourage you to adopt it too. It will help you to manage cyber risks well and make your smart place more resilient against attacks.
The Australian Cyber Security Centre also recommends all organisations implement eight essential mitigation strategies to reduce the threat of cyber attack. Dubbed the 'Essential Eight' , these mitigations can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.
It is important to note that the Essential Eight does not have a certification process that entities/organisations can attest to. If you want to mandate the Essential Eight, you should consult existing suppliers/partners to establish the degree of conformance. The Essential Eight Maturity Model may assist you to check the performance of suppliers and partners.
You might want to examine whether the companies you are looking to engage meet international standards and what related security controls they adopt.
Cyber security standards
ISO/IEC 27001 Information Security Management Systems - Requirements provides a model on how to set up and operate a management system and so you can demonstrate conformance through an audit and certification process.
When you engage the market to procure smart solutions, you may consider asking suppliers to verify that they adopt and/or comply with ISO/IEC 27001. If they can do this, you can have a higher degree of confidence about the underlying security of their smart-places related technology. Companies might then also demonstrate additional cyber security capabilities.
Artificial Intelligence and Machine Learning
Artificial Intelligence (AI) and Machine Learning include technology, programs and advanced computing algorithms that can augment decision-making by identifying meaningful patterns in data.
AI is rapidly advancing with the recent explosion of Large Language Model based systems. These increases in processing power and ability to process ever growing data sets, have resulted in organisations looking to plan significant investment in enterprise-based AI. Current examples of AI in practice include voice recognition, ‘smart’ assistants such as Siri, Alexa, Cortana and Google Now, Microsoft Co-pilot, Google BARD, waste management and disposal, traffic management systems, robotics, facial recognition and crowd movement for public safety.
Machine Learning, a subset of AI, offers the potential to automate procedural and administrative tasks, and enables numerous other technologies. In smart places, machine learning can also be used to evaluate the current condition of the smart devices, predict future behaviour, and optimise the operation of your assets.
The speed of technological evolution means that AI and machine learning also present new challenges that highlight the importance of meeting the highest privacy standards and pro-actively addressing ethical considerations. These include perpetuating biases and social disadvantages, legal complexities of AI use in decision-making, and the ability of certain AI technologies to self-learn.
AI needs to be developed responsibly and with a clear focus on big-picture outcomes and an intimate understanding of policy settings and whole systems. This will ensure that that the community can trust that the technology is being used appropriately, and that any unintended consequences are avoided or remedied quickly and effectively.
Resources for artificial intelligence and machine learning
NSW Government AI Policy and User Guide
AI Ethics Policy
The AI Ethics Policy provides a set of key principles that guide the ethical use of AI by the NSW Government and ensure that any projects with an AI component align with best practice. These focus on community benefit, fairness, privacy and security, transparency and accountability.
Resources for cyber security
NSW Cyber Security Policy
The NSW Cyber Security Policy outlines the mandatory requirements for all NSW government departments and Public Service agencies, to ensure cyber security risks to their information and systems are appropriately managed.
Smart Places Customer Charter
Developed by the NSW Department of Planning, Industry and Environment, the Smart Places Customer Charter includes a commitment by the NSW Government and its agencies to adhere to the Data Protection Policy and related legislation.
NSW Smart Places Data Protection Policy
This Policy is designed to support the NSW Smart Places Customer Charter and help you to uphold best practice and adhere to related policies and relevant laws, including the NSW Privacy and Personal Information Protection Act 1998.
Information and Privacy Commission's Digital Projects Fact Sheet
Information and Privacy Commission's Guide to Privacy Impacts Assessments
The Information and Privacy Commission's Privacy Impacts Assessment will help you assess the impacts on the privacy of a project, technology, product, service, policy, programme or other initiative and, in consultation with stakeholders, for taking remedial actions as necessary in order to avoid or minimise negative impacts.
Information and Privacy Commission’s Guide to: Mandatory Notification of Data Breach Scheme
The Mandatory Notification of Data Breach Scheme comes into effect on 28 November 2023. It will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy. Additional resources including fact sheets and resources for agencies is available at the Information Privacy Commission website.
Building capability and further learning
Smart NSW Case Study Library
The Smart NSW Case Study Library is a resource showcasing great outcomes for people and places enabled by smart technology and data solutions. Browse the library online to see examples of relevant projects in the foundations-first stage.
The SmartNSW Masterclass series is building a confident, skilled public sector workforce, able to use technology and data as core business. Relevant sessions are highlighted below.
This masterclass helps place and precinct managers and councils to deliver smart solutions safely, ethically and transparently, growing community involvement and engagement.
- Smart Speed Session 1: The Nitty Gritty - Privacy, ethics and cybersecurity
2021 Smart Places Masterclass Series
Co-hosted with the Australian Computer Society, this series explored core drivers in smart places.
Relevant sessions include:
- Session 04: Data Sharing and Use, AI and Data Governance with Annette Slunjski, Fang Chen and Aurelie Jacquet
- Session 06: 5G and Smart Places with Matt Schultz, Mike Wood , Troy Daly and Matt Evans
- Session 08: Cyber Security in Smart Places, Alan Maurushat and Charlotte Wood
- Session 11: 6G Disruption and Opportunities with Ian Oppermann, Peter Leonard, Jay Guo and Marina Yastreboff
Institute of Applied Technology – Digital
Explore microcredentials and microskills at the Institute of Applied Technology - Digital.
A range of microcredentials and microskills are available in Artificial Intelligence, Cyber Security, Data Analytics, and more. Browse the catalogue online.