Thursday, April 27, 2017

Bells and Whistles for your Custom Fields!

So, we’ve been kind of proud of the way we have built the BuildingLink database, to be extensible by letting customers add their own data fields – whether to physical apartments, leases, personal dates, and data. You’ve made great use of this function – adding a total of 21,470 custom fields to date!

But, you’ve been letting us get away with “custom field murder” … we’ve only given you two types of fields: a text box field, and a date field.


Okay, well today we are going to start to make it up to you, with the FIRST of THREE really useful Custom Field Updates.

Custom Field Update #1 - New Data Types

We have two words for you: Boolean …. and ... Numeric!

BOOLEAN: When you go to define your custom fields, you can now select a Boolean type (see Wikipedia – or just think “true/false, yes/no, or on/off) and have users select between your two choices with a quick radio button click: “Is this person a health club member? ( ) Yes  ( ) No”

Pretty simple, right? Bet you can’t believe we didn’t have that yet. – Well, we didn’t!

NUMERIC:  You can define a numeric field for your numbers instead of using a general input field. Why? So you can specify cool “number-like things”:

Numeric data types will allow you to limit a field to only accept numbers, and to include currency symbols and decimal places. This is particularly useful for tracking information about monthly dues, rent amounts, square footage, number of shares – or any fields that should be used specifically to track numeric data.

Custom Field Update #1A – New Input Formats for Text Fields

And now, we have just four words for you: Drop down and Radio Button!

It’s been great having text boxes for your custom fields, where you can enter anything you like for any resident record. But what if you don’t WANT to be able to enter anything you’d like? What if you are just tired of typing in the same values over and over again? Well, then you are the reason we have added two new “Input Formats”, giving you three to choose from now:

TEXT BOX: Sometimes, you need the complete flexibility to type anything you want into a blank text box. This can range from tracking specific details about a unit’s construction, to writing in a Resident’s Access Card or Key FOB number. Our standard text box data-type will continue to accommodate these use cases.

DROP DOWN: However, other information needs to be tracked in a more standardized way – usually if there is a specific list of options that could answer a given question. Our new drop down list data-type allows you to define what options are available for a specific field, limiting the range of options to standardize your data, while allowing enough flexibility for you to capture the information that you need! You might use this display mode to define the condition of a piece of equipment (i.e. Dishwasher: (New, Good, Worn, Replace)) or, to track something’s state (i.e. Membership Dues: (Paid in Full, Partial Payment, Due, In Arrears)).

RADIO BUTTON: Finally, our new radio button display option will best be utilized in cases where there are a few possible options to choose from, like marking an apartment as 1, 2, or 3 bedrooms, or indicating a resident’s preferred greeting (was that Ms., Mrs., or Miss?).

Okay, so that’s the FIRST of THREE really useful Custom Field Updates. (You did remember that we promised you three, right? Stay tuned for the next update, in about 2-3 weeks. It is a mucho powerful one!

Have questions? Want to know more? Email us at

Wednesday, April 26, 2017

Data Privacy in a "Leaky" World: A Regulatory Update for our EU and Canadian Clients

Property management depends on having both fluid and timely access to data – whether for payments and arrears, maintenance work, moves, and a host of other events that take place in a building or for pertinent resident information. At the same time, data privacy regulations and expectations call for limits on access to personal data to keep it protected.

Integrity and trust are at the core of BuildingLink. We are dedicated to ensuring that the right data gets to the right people at the right time, and we are taking every measure possible to ensure our clients’ personal data and privacy is protected. With BuildingLink’s growing worldwide presence, we’ve seen an increased emphasis – both market-driven and regulatory – on ensuring client data protection and data access controls.

While everyone is entitled to an expectation that their personal data is protected, property managers of buildings located in the EU and Canada have an extra bar to clear regarding what they do with, and where they put, their residents’ data. This update is aimed at advising all clients, and especially EU and Canadian clients, how BuildingLink helps them meet that bar.

'Layering on' BuildingLink Data Protections

We’ve built (and continue to improve) our platform with your privacy in mind, by creating multiple “layers” of customizable options for crafting data access, use, and privacy rules that work for your property. At the lowest level, the platform provides controls for physical access to the BuildingLink site and data. All users are limited to logging in only to specific computers in specific physical locations via our “authorized computers” module. At a more micro level, you can set up niche, customized data access permissions for owners, managers, renters, and employees, according to what they need to perform their functions. For example, elevator operators could be given one level of access, while maintenance workers could be given another, according to the situation requirements. 

BuildingLink screen options enable contact functions without revealing contact information. In this way, it is possible to email a resident without divulging their email address, or call a resident without disclosing their phone number or other personal information. For further data protection, you can set up a system that flags data access and changes. It is possible to track the disclosure and integrity of data by enabling notifications upon access to, or modification of, data. (One possibility is setting up the system to send out an email to residents when any of their personal data is modified!)

Taking Your Software to Europe? Don't Forget Your "Privacy Shield"!

Maintaining balance to the extent that satisfies international data transfers across the Atlantic also requires an understanding of the law and what being compliant entails. It’s important to be up-to-date on data privacy because some major changes have just come into effect. The EU – U.S, Privacy Shield replaced Safe Harbor as the standard for sanctioned transfers of personal data between the European Union and the United States.

A Really Brief History Lesson: The Rise and Demise of Safe Harbor

From 2000 to 2015, the Safe Harbor Agreement governed the legal transfer of personal data from EU member countries to the United States. However, concerns about U.S. government surveillance programs – and the way social media companies transferred personal data across the Atlantic – brought the program’s effect into question. 

These concerns were at the center of a suit brought by an Austrian Facebook user, Max Schrems, that was referred by the Irish High Court to the European Court of Justice (ECJ) in June 2015 (case number: C-362/14). He argued that the United States does not provide “adequate protection”, and that U.S. surveillance programs like the NSA’s PRISM run counter to individual data protection. 

The court agreed with the plaintiff, and invalidated the Safe Harbor Agreement. 

Privacy Shield to the Rescue

In February 2016, the EU Commission announced the new framework called EU-U.S. Privacy Shield, and released the requirements for its certification. As of August 1, 2016, American companies could certify themselves as compliant.

Privacy Shield is a new program that provides a framework for the transfer of data from the European Union to the United States. (It replaces the recently invalidated Safe Harbor Principles.) There are several guidelines that a company must adhere to and include in their privacy policy in order to be certified under this shield. The goal is to safeguard private user information, and prevent the unauthorized dissemination of data. While certification under the EU–U.S. Privacy Shield is voluntary, once a company does certify, those guidelines are enforceable by law. This assures EU users that their personal information will be safe and secure in any data transfer to a certified U.S. company.

What's the Same and What’s Different about “Privacy Shield”?

Though it’s a new program, the core of Privacy Shield is the same as that of Safe Harbor. Both were established as a self-certification program based on seven primary principles for legal data transfers: (1) notice, (2) choice, (3) accountability for onward transfer, (4) security, (5) data integrity & purpose limitation, (6) access, and (7) recourse. However, in light of Safe Harbor’s shortcomings, there are additional avenues for enforcement, including notice, opt-out options, reviews, an independent ombudsman, and EU citizens’ enhanced redress options.

Accordingly, any business that aspires to certification must publicize its data management policy on its site, and then conform to it in its day-to-day practices. This doesn’t mean that it is etched in stone forever! The company can make changes, so long as it notifies the people whose data it collects in advance. If it fails to provide that notice, the FTC can take it to task. Along with the notice about its practices, the company has to provide a way for people to opt-out if they are not comfortable with the way their data is to be handled. 

Additional enforcement comes through the new supervision mechanism that stipulates compliance reviews by the U.S. Department of Commerce. The consequences for not being found in compliance could extend from sanctions by the FTC to removal from the list of Privacy Shield approved businesses. Another external check on compliance comes in the form of a new privacy ombudsman, who can hear complaints and queries from EU citizens. This is an important component of the program. It promises that Europeans will have different channels for communicating their concerns about their data usages. 

BuildingLink is proud to say that we fully live up to the Privacy Shield principles, and are listed among the certified Privacy Shield entities.

Heading North of the border? Say hello to PIPEDA!

Canada has its own set of regulations governing data privacy requirements. The Personal Information Protection and Electronic Documents Act (PIPEDA or the PIPED Act) governs how private sector organizations collect, use, and disclose personal information in the course of commercial business. In the real estate property management space, this has implications for both property managers and software products aimed at those managers. As one example, BuildingLink has added a series of data-aging filters to restrict access to resident activity data that is older than 30 days. The good news is, you don't have to be Canadian to take advantage of our data-aging filters. – They are an option for all BuildingLink clients!

The Data-Privacy BOTTOM LINE: What is Expected of You

Being compliant really boils down to this: be clear about what personal data comes through your system – and how you are using it – so that people fully understand, and cannot later say they didn’t realize that their data was being collected. Keep up the code of conduct you set! If you have to deviate due to some change in your business operations, provide people with clear notice, so they may choose to opt-out.

The above – and additional options – are all available on BuildingLink’s flexible platform, which allows the site manager to make sure that all data access and data use is purpose-built. Our BuildingLink team is happy to work with you to deliver a solution that is optimized to achieve your preferred balance of convenience and security. Contact us at to learn more.

Friday, April 14, 2017

Does “Smart Home” equal “Public Home”?

Companies, privacy watchdog organizations, and many private citizens are figuring out the implications of the recent action by the Trump administration. This act was to roll back the FCC regulations regarding what internet providers can do with your internet use, browsing history, and data.

An interesting article by Stacey Higginbotham discusses the question of what this “freedom to use private data” means, specifically for the smart homes and smart things (IoT) sector.
Because ISPs know your IP address and can associate it with your physical address, many of the installed devices on your home network are indelibly tied to your name. 
So the ISPs know you have a Nest, a Wink hub, a Chamberlain MyQ garage door opener, and now if they want they can share that information with marketers. What's more concerning is whether or not an ISP can see the specifics of your home IoT devices. Do they know when your motion sensors are triggered or what temperature it is inside your home?
Stacey also explains exactly what can and cannot be discovered by your internet provider, about what’s going on in your smart home. An interesting read!

She recommends this:
Look for connected devices that encrypt your data from the device to the cloud. 
This provides us with an opportunity to inform our users that our Aware by BuildingLink® sensor systems for residential buildings does just that!  All our sensors use 128 AES encryption on all data packets to and from sensors to hub, and our hub-to-cloud connection utilizes an SSL protocol. Our aim is to build solutions for our clients that are useful, easy to deploy, but also very secure.

We'd love to hear more about your sensor needs. Please feel free to contact us at