Funding
The Smart Beaches project was an initiative of Lake Macquarie City Council in partnership with Northern Beaches Council and the University of Technology Sydney. The project received $910,000 in funding under Round Two of the Australian Government’s Smart Cities and Suburbs Program in 2019-20. The project aimed to use technology to support lifeguard risk assessment and management, allowing them to focus on their primary role of protecting public safety.
In 2021 The NSW Government established the Smart Places Acceleration Program, which implements Action 8 of the NSW Smart Places Strategy. The Program is facilitated by a $45 million funding envelope under the Digital Restart Fund over three years to accelerate the development of smart places across NSW.
Through the NSW Smart Places Acceleration Program, the NSW Government is helping place owners – including councils, government agencies, property owners, and regional organisations – apply innovative smart technologies and capabilities. The government’s aim is to solve problems and improve the quality of life for communities across regional and metropolitan NSW.
The Smart Beaches project received $1.6m of funding for FY 22/23 under the Smart Places Acceleration Program. The application was written by Lake Macquarie City Council on behalf of the Coastal Safety Group. The state government support agency is the Office of Local Government.
This new round of funding enabled further development and scaling of those technologies that were most successful in the original. Technologies will be adopted in partnership with Local Governments responsible for coastal water safety.
The Technology
Smart Cameras
Smart cameras have provided Councils with an opportunity to gather insight into how the community uses their beaches. This insight is considered both valuable and aligned with the smart city ethos of using data for good (that is, to benefit the public). Visitation estimates are an essential factor in beach risk management. Historically lifeguard estimates have provided sporadic and inaccurate data.
Smart Beaches cameras take a wide angle shot of the beach at 15 minute intervals. These images are assessed to determine the total crowd number at that time. In this way a profile of beach usage can be built to inform coastal safety interventions such as Lifeguard services, signage and amenities.
Whilst Facial Recognition (FR) is often not possible on Smart Beach images, Smart Beaches has made a public commitment not to activate or use FR. This commitment is of critical importance to the community.
Lifeguard Reporting System
Smart Beaches will develop a standardised and automated reporting tool for lifeguard services across NSW. Available and emerging data sources will be integrated and made available via a secure, manageable open data platform. This tool will streamline lifeguard reporting processes and support the adoption of standardised data collection and coastal risk management decision making.
GPS Equipment Tracking
Small, battery powered devices are fitted to rescue equipment, jet skis, flags and signs. This enables automatic recording of rescue activity and beach sign status, improving data quality and quantity whilst remaining transparent to lifeguard workload. Tailored notifications can be sent to managers and the public to improve situational awareness.
Nearshore Wave Forecasting
The NSW Nearshore Wave Forecast tool provides transformed wave data based on offshore wave conditions from the NSW Waverider buoy network and BOM AUSWAVE forecast. Smart Beaches, with the Manly Hydraulics Lab, will deploy a nearshore wave buoy to collect data at a range of locations to further refine the Nearshore Wave Tool. Smart Beaches will also integrate the nearshore wave data into the Lifeguard Reporting System.
Outcomes
The Smart Beaches project adopted technology to improve coastal safety decision making.
Smart Beaches is underpinned by the following desired outcomes.
Partners
Privacy Management
-
From a privacy perspective, any collection and handling of personal information for any initiative must be done in accordance with the law. Additionally, community privacy expectations are important for Smart Beaches to understand and act on.
Smart Beches is required to comply with requirements set out in the laws of NSW and Australia; significantly, the privacy requirements set out in the Privacy and Personal Information Act 1998 (NSW). It is also important that legislative and contractual requirements applicable to any Contracted Services Providers are clear and adhered to.
Privacy Impact Assessment (PIA)s are conducted at the outset of an initiative (and at key junctures thereafter) to pinpoint and address privacy risk. PIAs will be conducted for all Smart Beaches technologies that involve personal information. There will be an accurate accounting of the data elements associated with Smart Beaches, including any personal information therein. Data flows will be documented to identify potential points of risk to personal information. -
An important feature of privacy is the giving of notice. Notice means that, when personal information is collected (or as soon as possible afterward), the community is told what personal information is being collected, why it is being collected and what will happen to it.
Notice is given to provide an explanation of the personal information Smart Beaches needs in order to conduct its business. Notice is not the same as consent. Consent is where permission is asked to collect personal information (e.g. where the information is ‘sensitive information’).
The information on this site forms part of the notice communication. Smart Beaches will also provide adequate signage and other forms of notice to inform the community that they are entering in an area where Smart Beaches technologies are in operation. -
Although there is value in having a lot of data to work with in a smart city, privacy law requires that Smart Beaches collects only the personal information it needs. This means that collection of personal information by Smart Beaches technologies must be limited and specific. Collection of personal information to be limited to that which is necessary to fulfill the functions of the Smart Beaches technologies.
When personal information is collected for one purpose, it is imperative that it is only used for that purpose (unless a valid exception or exemption set out in the Information Act can be applied). This ensures ongoing compliance with privacy requirements and, importantly, is consistent with community expectations.
To avoid doubt, the purpose for which personal information is collected via Smart Beaches technologies is made clear at the outset (e.g. through Notice). The personal information is then only used for that purpose. Smart Beaches will limit ancillary uses of personal information collected through Smart Beaches technologies by ensuring the purpose of collection is made clear through Notice and other forms of communication. -
Security can be seen as the fence around that which Smart Beaches must protect (e.g. personal information). Where IoT and other connected technologies are involved, security must be able to address the challenges of managing data in a digital environment. For initiatives like Smart Beaches, a strong information security posture ensures that personal information is kept safe throughout its lifecycle. To ensure compliance with the Information Act, the location(s) where personal information is stored will be important to consider.
Physical, technical and administrative controls are used to ensure the security of any personal information collected via Smart Beaches technologies. Personal information collected by Smart Beaches technologies will be held securely in a dedicated internal data management environments or in verified secure Contracted Service Provider (CSP) environments.
Where a CSP is involved with the collection and management of personal information for a Smart Beaches technology, security requirements will be clearly set out. -
The publication of personal information, intentionally or otherwise, in publicly available data sets associated with Smart Beaches would generally be outside the expectations of the community. Where it is desirable to publish data to public platforms, and particularly where data sets are likely to be combined, analysed and manipulated to reveal insights or trends in relation to community interactions with beaches, personal information must first be removed. If data cannot be de-identified sufficiently, it will not be used.
Privacy regulator guidance about de-identification is highly relevant, as a failure to properly de-identify personal information can lead to data breach and other unintended consequences. When used effectively, de-identification can help build trust in data governance processes overall.
-
Arrangements in relation to the management of the Smart camera system, including responsibility for maintaining the assets (cameras), network(s) used, manner of collection and use of camera footage, and data security, are formalised. Access to the camera footage is limited to those who require it to achieve the outcomes of the Smart Beaches systems and for valid purposes in accordance with privacy law including police.
Smart Beaches has made a strong public commitment that it will not use facial recognition capabilities.Smart Beaches cameras are not installed as security cameras, do not cover the whole beach and do not record continuously. Where it is desirable to publish images to public platforms, personal information must first be removed. If images cannot be de-identified sufficiently, they will not be used.
-
The privacy landscape in Australia and globally is complex. Industry-based vendors, service suppliers and platforms are unlikely to be captured by the same privacy law as Government, however they play a critical role in ensuring that Government’s privacy obligations are upheld. Where Contracted Service Provider (CSP)s are required to comply with the federal Privacy Act 1988, there are mandatory data breach reporting requirements they must consider under the Notifiable Data Breach Reporting (NDBR) scheme. It is vital that all contracts in relation to Smart Beaches clearly express the privacy, data security and NDBR obligations of CSPs.
Even where data breach reporting is not mandatory for a CSP, the identification and management of data breaches should be viewed as a critical component of any Council contracts with CSPs. CSPs involved with supplying, commissioning and maintaining Smart Beaches technologies and the underpinning digital infrastructure understand and uphold their obligations with respect to privacy and the protection of personal information.
Smart Beaches will ensure that appropriate clauses relating to privacy, data security and management of suspected or actual data breach events have been included in all CSP contracts.