Concerns around data privacy have been picking up steam in recent years as consumers come to terms with how frequently their data is being used and passed around. Now the global spread of COVID-19 is magnifying this issue with life-or-death urgency as data collection becomes a big part of tracking and containment solutions.
South Korea is building a “smart city database” using data collected through individual tracking bracelets, CCTV footage and credit card transactions. Here in the U.S., Apple and Google have announced the development of a coronavirus-tracking system to create a voluntary contact-tracing network using short-range Bluetooth communications. Smart home systems must now consider how that tracking could intersect with the way residents pair Google Home and Google Nest with their smart home devices. A clear understanding of data ownership is imperative.
The ACLU has already raised concerns with this level of individual data tracking. “As always, there is a danger that simplistic understandings of how technology works will lead to investments that do little good, or are actually counterproductive, and that invade privacy without producing commensurate benefits,” reads a statement released on April 8.
As debate over data collection in the fight against the pandemic and in every other aspect of our daily lives ramps up, it will be increasingly important for every industry to be clear on their data privacy policies — and how those policies could be impacted by COVID-19 tracking.
In the smart apartment technology sector, the data privacy conversation has been a relatively quiet one. People feel safe in their homes, and advancements in smart home technology should make them feel safer. The last thing the multifamily industry should want is for residents to worry about the security of their data in their homes. This conversation will continue to evolve as we navigate the fine line between data security and public health; transparency and problem-solving will have to be prioritized.
Physical Security Meets Data Security
Home is the safest place to be right now, as cities and states across the country maintain social distancing requirements. While many of us are experiencing a range of emotions while stuck at home, from panic to boredom and everything in between, our homes are (ideally) a place where we can feel safe and secure.
There are physical security elements that make a multifamily property feel safe. Maybe there’s a keypad to enter the building and a lock for each unit. The addition of smart apartment systems combines hardware with software, implementing keyless smart locks, plugs and lights that can all be accessed through an app on a resident’s phone. The introduction of smart home technology can improve physical security, but it also introduces the issue of data security — something that’s often overlooked. My experience working at Verisign, which was a security company focusing on authentication and encryption, during the ‘90s made me hyper-aware of how easy it is to steal or forge data. Since then, I’ve always looked at every new technology with an eye toward security and how effective it was at providing it and protecting an individual’s data and privacy.
When renters move into a smart apartment, they’re connecting a smart home hub (owned or rented by the building) with multiple devices (some of which they own and some of which the building owns). When it comes to the data they input, and the data from all the devices they connect, who owns all that? This is a complicated issue with no easy answers.
Our stance is to err toward the generator of the data being the owners of the data. If a resident generates the data through their action, it should be owned by them. But there are sensors such as leak sensors, humidity and others where data is generated by the environment or, in this case, the building, so the ownership should reside with the building. However, could an action taken by the resident cause the humidity or leak? Then do they own the data? There are no easy, straightforward answers, but we need to start thinking about these issues, asking the right questions and setting some level of standards around what data should and can be shared. I believe in only sharing data under two conditions: to prevent physical damage (sending a leak alert to management could help prevent damage to a resident’s home and belongings), or in an aggregated format that protects individual privacy.
For the multifamily owners, who will be the parties liable if anything happens to their resident data, my recommendation is to err on the side of leaving the ownership and rights of the data with the generator of the data. With new laws and regulations coming soon (or already in place in California) around data privacy, the best way to ensure that the multifamily owner is protected when working with any new technology vendor is to understand the tech vendor’s stance on data ownership, not just security and privacy of the data. The vendor’s stance should be that data ownership resides typically with the residents and should have a way to give them access to their data and a way to delete their data. Tech vendors should also have an internal security and privacy council that regularly reviews data policies to keep up with the changing regulations and culture around data ownership.
It’s important to acknowledge that now more than ever, there are no simple answers to data privacy and it’s a conversation that is quickly evolving. But as technological advances are fast-tracked for global health purposes, the conversation around privacy must be fast-tracked in tandem. As the multifamily industry adopts more technology where data privacy is impacted, it gives multifamily industry leaders the opportunity to set the standards and do right by their residents and protect their residents’ data.