What practices protect data privacy in smart building initiatives?

• A. Protects occupants' information; implement access controls, encryption, data minimization, and governance policies.
• B. Privacy is not necessary in smart buildings.
• C. Use generic backup procedures only.
• D. Rely on user consent without controls.

Answer: (A)

In smart building initiatives, protecting occupants' privacy comes from implementing controls across the data lifecycle that limit who can access data, protect it, and govern its use. Access controls ensure that only authorized people and devices can view or process information, applying least-privilege principles and strong authentication. Encryption keeps data unreadable if it’s intercepted or stored, both when it’s moving between devices and when it’s stored in databases or systems. Data minimization means collecting only what’s truly necessary, and using anonymization or pseudonymization wherever possible to reduce identifiable details. Governance policies provide the rules and accountability for data handling, including who can collect, use, share, and retain data; how consent is managed; retention schedules; data sharing agreements; and regular audits to verify compliance.

These practices work together to reduce privacy risks, support compliance with privacy laws, and help build trust in the building’s technology. Relying on generic backups or on user consent alone without robust controls is insufficient because backups don’t address access, encryption, and retention, and consent without accompanying controls cannot ensure ongoing privacy or prevent misuse of data.