op-ed: smart technologies and associated cyber-related threats. - smart technologies

Byline: Xavier Clark's advances in software and technology have enabled the industry to operate more effectively and make greater profits.
The construction industry is no exception.
Industry-
Technical solutions tailored to almost every function of the construction company, including payroll/accounting, HR, project management, modeling and design, and evaluation, etc.
These tools enable some contractors to be design-
Build a company by performing tasks
The house they had to outsource before.
Smart or "internet connection-of-
Internet of Things devices are increasingly used in workplaces to monitor environmental conditions and device performance.
They can provide real for builders.
Time insight to reduce accidents, downtime and loss.
Wearable technology improves the safety and productivity of employees through biological feedback and monitors the movement of personnel and equipmentsite.
New technologies can bring huge benefits to construction companies of all sizes.
Like any tool, based on the large amount of data collected, stored, or otherwise processed by software programs and connected devices, the use of software and devices can be at great risk.
Cyber crime is on the rise, and database and cyber attacks affect more businesses every year.
Besides the network
Threats, the evolving global landscape of consumer privacy laws requires awareness of changing compliance and regulatory obligations across all industries.
Construction companies often do a good job of understanding and identifying risks and developing plans to manage them.
Although risks, requirements and capabilities vary from company to company, all businesses can benefit from data collection and data minimisation and prioritize data privacy and document security.
Putting these principles into practice will help businesses understand and reduce data privacy and security risks and mitigate harm in the event of an accident.
Data mapping and data minimizing data privacy risks cannot be addressed without understanding the data processed by the organization. ?
Data Mapping involved?
The data types, uses, storage and processing of the business are described.
This process often exposes data processing activities that may be overlooked.
Outsourcing and digital data?
Processing activities can easily be broken without mapping. ?
For example, many connected devices require user profiles and even allow employees to run programs on their own devices.
If the use of a device or program can be traced back to an individual, the business needs to understand the data collected by the device or program and the purpose of the collection, as well as the location of the transmission and storage.
Data elements such as biological feedback or location data can be considered personal data if they can be used to identify individuals.
Processing of personal data may trigger additional regulatory and compliance obligations of the employer under applicable law.
If accessed by unscrupulous users, it will also bring greater risk of cyber attack damage.
Also, if the device or program is connected to other systems of the builder or client, it may provide an ingresspoint for the hacker.
Contractors typically process personal data through human resources, wages, and health care programs related to employees.
However, hackers who try to access confidential or sensitive information or systems from customers will often be targeted by contractors.
The most widely known case is that 2013 of the data violated the target, involving about 40 million credit card numbers, with a cost target of more than $0. 2 billion.
The thief accessed Target's system viaa project management platform using the credentials of the third theft
Party HVAC suppliers
The data mapping process provides a great opportunity to review the services provided by the vendor.
For outsourced services, should business and itsvendor discuss any data processing?
Any control provided by the supplier to protect personal data, such as anonymization or encryption.
The mapping will inform the contractor of therisks related to its practice and enable it?
Evaluate the area in which it may be able to "minimize" the data processed.
Data minimisation is the practice of limiting data collection, processing and retention to the existing scope?
Necessary to achieve specific business goals.
Some privacy laws, such as the EU's General Data Protection Regulations, require data to be minimized.
Even if it is not explicitly required by law, data minimisation can reduce costs and remedy the costs of cyber attacks.
The cost of data storage can increase rapidly.
Limiting the amount of data stored can reduce costs associated with storage and safe destruction of data. ?
Storing excess data may increase the likelihood of a default and also increase the likelihood of remediation of a default.
Remedy for data leakage?
Each record that may be destroyed must be checked.
If a default occurs ,?
Remediation costs may be magnified for organizations that store more than necessary data.
Data privacy and security in documents that emphasize data privacy and protection in policies, procedures and contracts help businesses master data practices and make it easier to identify risks.
When signing contracts with suppliers and customers, discuss how to process and store data according to the agreement.
The contractor should be aware of the risk allocation associated with data processing.
The contractor may have little say in how the technical tool handles or stores the data it touches, and should be careful to assume the risk liability primarily beyond its control.
As the workplace is increasingly equipped with connecting equipment, contractors must have strong policies and procedures related to proper data processing.
In recent years, phishing, email spoofing and other social engineering attacks have become successful forms of cybercrime.
These crimes are designed to deceive employees into disclosing credit information such as passwords or accounts.
The attacker uses this information for seemingly real fraudulent transactions, such as re-routing wire transfers or extracting funds from the account.
Maintaining written resources can help employees discover these attacks before they become victims of them.
In an increasingly digital building environment, the amount of data faced by contractors is larger than ever before.
Realizing that data processing practices will reduce risk while allowing businesses to confidently integrate advanced technology solutions into their operations.
Xavier Clark is a lawyer with Schwabe, Williamson & Yue.
Contact him 503-796-
2062 or xclark @ schwabe. com. Copyright {c}
Bridge tower media 2019
All rights reserved.