Infrastructure sector must get to grips with data
There is often uncertainty in who owns the data captured by the infratech assets
Infrastructure companies need to become adept at handling and using data and managing cyber risk to exploit opportunities in “infratech” projects and comply with stringent new regulations.
While technology or financial services firms have developed a culture of handling data properly and adopted best practice on cybersecurity, these are new challenges for infrastructure companies more used to handling materials than data.
However, if they are going to take advantage of the convergence of physical infrastructure and digital technologies – otherwise known as infratech – they must get to grips with this new landscape.
Infratech is already being deployed to improve the operation and performance of infrastructure assets. For example, motorways are being fitted with smart technology to help manage traffic flows. The infratech era is spurring a growth in collaboration between infrastructure owners, operators and technology firms, but there is often uncertainty in who owns the data captured.
A Pinsent Masons report, The Evolution of Infratech, highlighted a mix of views within the infrastructure and technology sectors about who typically owns data in infratech projects and who should own that data. The survey found that 91 per cent of respondents want an “open access” approach to data among collaboration partners, but in reality just 62 per cent of projects operated such a model.
The survey also showed that 38 per cent of respondents from technology companies and 34 per cent from infrastructure businesses identified agreeing data requirements or standards in infratech projects as a challenge.
What is clear is that infrastructure companies must get a handle on capturing and analysing data to stay relevant in the developing market, and that they must do so in a way that meets the requirements of data protection law, because some of the data captured through infratech could be classed as personal data.
In Europe, current data protection laws have been in place since 1995. From May next year more stringent require - ments will begin to apply in the UK with the General Data Protection Regulation ( GDPR) setting conditions for processing personal data, and providing for a number of rights for data subjects in relation to the accessing, rectification and erasure of personal data which is held about them.
In some cases, infrastructure companies’ cybersecurity obligations will extend beyond the realms of keeping personal data secure, and fall within the scope of the EU’S new Network and Information Security ( NIS) Directive. National laws imple - menting the NIS Directive must be in place by 9 May 2018. Fines of up to £ 17 million or 4 per cent of a firm’s global turnover, whichever is higher, could be imposed for loss of service if the operator has not taken steps to guard against the risk of the likes of cyber attacks, power failures and environmental hazards.
Compliance for infrastructure companies may be seen as similar to the shift in culture, policies and practices that was required to meet the requirements of health and safe - ty regulation. The principles of compliance between the two distinct regimes are similar: increased documentation; emphasis on staff training; security on- site; transparency over breaches.
Compliance may involve a significant amount of work for a sector not used to operating with data and cyber issues at its core, but it is encouraging that many companies have already begun to prepare. Infrastructure operators that meet the challenges will not only reduce risk from damaging fines and reputational damage, but will have the type of data and systems- handling operations that will open up their business to the opportunities that infratech presents.