Designing your connected place to protect its data
Updated 10 July 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/secure-connected-places-smart-cities-guidance-collection/designing-your-connected-place-to-protect-its-data
Connected places collect and process huge amounts of data which comes with its own risks. It is important that connected places project leaders/managers, IT professionals, cyber security leads and those managing and processing users’ information, understand what data their connected place collects and where it is stored, as well as have confidence it is being stored and transported securely. The following guidance outlines key things to consider and the current best practice, it may be particularly relevant to data officers or individuals with responsibility for managing your organisation's data.
This guidance is relevant to:
- Connected places project leaders/managers
- IT professionals
- Cyber security leads
- Information managers, processors and users
Owner: National Cyber Security Centre
About this guidance: This guidance outlines 15 good practice measures for the protection of bulk data held by digital services. It provides connected places project leaders/managers, IT professionals and cyber security leads with advice on what to look out for in how your system is designed, implemented and operated to help protect your bulk data held by digital services.
Security-Minded Approach to Open and Shared Data
Owner: Centre for the Protection of National Infrastructure
About this guidance: This guidance provides a framework on how connected places project leaders/managers, IT professionals and cyber security leads can adopt a security-minded approach to the sharing of data without undermining the principles of open data or reducing the benefits of data sharing.
Owner: National Cyber Security Centre
About this guidance: This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.
Guide to the UK General Data Protection Regulation (UK GDPR) (Security)
Owner: Information Commissioner's Office
About this guidance: This guidance will provide connected places project leaders/managers, IT professionals and cyber security leads with an understanding of the 'security principle' of the UK GDPR policy.
Secure Communications Principles
Owner: National Cyber Security Centre
About this guidance: This guidance aims to help connected places project leaders/managers, IT professionals and cyber security leads assess the security of voice, video and messaging communication services.
Security-Minded Approach to Digital Engineering
Owner: Centre for the Protection of National Infrastructure
About this guidance: This guidance outlines how all those involved in the design, procurement, implementation and management of connected places can apply a security-minded approach to digital engineering, for instance using information generated by sensors and contained within digital models.
Pattern: Safely Importing Data
Owner: National Cyber Security Centre
About this guidance: The guidance identifies a set of technical controls which can be used to manage the risks associated with importing data over a network. It is particularly relevant for systems where integrity or confidentiality are paramount, such as those which handle sensitive or personal data, classified information, valuable transactions, or those which operate industrial control systems.