Facebook – building access failure
You will no doubt have seen (or experienced) the recent unavailability of Facebook and its subsidiaries including Messenger, WhatsApp and Instagram for several hours. The global outage was caused by ‘a configuration change to the backbone routers that coordinate network traffic between the company’s data centres’ – meaning that everything stopped working.
It was also reported that Facebook staff were prevented from accessing their own office buildings as the security pass system was also affected by the outage, which exacerbated the problem further. A report by Business Insider looking at this story in more detail may be found here.
So what?
Planning for the risk of not being able to access your own building due to a technology failure may previously have been considered over the top, but this story provides a good example of where establishing a plan B up front could have saved significant financial and reputational damage.
Cyber security – supply chain risk
Earlier this year, PropTech firm Plentific was the victim of a cyber security attack which exposed their users to a scam. Plentific runs a platform that allows property managers to manage and source local repairs for their tenants. Scammers gained unauthorised access to the system and the email addresses of some of the residents. The scammers subsequently sent phishing emails to these tenants, posing as Plentific and requesting the transfer of digital currency to pay for repairs.
Plentific took immediate steps to remediate the situation and prevent any further attacks. However, one of its major housing association clients suspended all new work with the firm until a full investigation had been completed, whilst another paused a pilot project with them. A story looking at this in more detail by Inside Housing may be found here.
So what?
This case highlights the cyber security risks that property companies and buildings face not only directly but also through their supply chain or third-party partners. It is important that this is considered and policies are in place to address and manage the risk of suppliers.
GDPR – data transparency matters
In September, the topic of data transparency was in the news when Ireland’s Data Protection Commission (DPC) fined WhatsApp €225 million for failings of transparency under EU data protection laws.
The fine related to failures identified with the information the company provided European users and non-users about how it processes their data and about their rights as data subjects.
Under the GDPR, companies that process people’s data must be clear, open and honest with those people about how their information will be used. After a three-year investigation, the DPC concluded that WhatsApp failed to live up to the standard required by the GDPR. It issued the fine and ordered the company to improve its transparency practices within three months. WhatsApp disagreed with the decision and plans to appeal. Further information may be found in this story about the case by the BBC.
So what?
Whilst this case focuses on a technology company, the same principles apply to buildings. At a time when buildings are collecting more and more data from their users – owners, occupiers and managers must ensure they are fully transparent about the data being collected and how they are using it in order to comply with GDPR. Every building should have a high-level data policy that is available to users.