The Ulster Museum is undertaking a pilot research project to help us improve our programming and wayfinding in the museum.
We are collecting anonymous WiFi connection data in the Museum from December to March. This research will only collect data while visitors are in the museum and will collect data through the existing WiFi system.
We will not identify individuals. Visitors who prefer not to participate can opt out and remove themselves by turning the WiFi off on their device.
The data collected will be used to identify trends in visitation, which will help us with future planning. WiFi connection data can provide us with a better understanding of how visitors use the Ulster Museum. We are trying to understand patterns of movement within the museum, not how specific individuals use it. The insights from the data will assist National Museums NI in improving the public services provided by the Ulster Museum.
We will not be collecting any additional data.
Data from the pilot research will not be held beyond the life of the project.
We will have signs up in the Museum during the research explaining that the WiFi data collection is taking place and how to opt-out.
In summary, we will be collecting the location of devices in the museum, identifying them by a pseudonymised version of their MAC address.
What WiFi connection data is
When a device such as a smartphone or tablet has WiFi enabled, the device will continually search for a WiFi network to connect to. When searching for a WiFi network, the device sends out a probing request which contains an identifying number specific to that device known as a Media Access Control (MAC) address. This is what we mean by 'WiFi connection data'.
How we collect it
If the device finds a WiFi network that is known to the device, it will automatically connect to that network. If the device finds unknown networks, it will list these in your device settings so you can decide whether to connect to one of them. When you are near one of our WiFi access points in the Ulster Museum and you have WiFi enabled, your device will send a probing request to connect. This will be received by our WiFi network, even if your device does not subsequently connect.
How we make sure we can't identify people
We will not be able to identify any individuals from the data collected. We have designed the process to identify patterns and to avoid identifying individuals. We are trying to understand how visitors as a whole use the Museum, not how specific individuals use it. All data collected is automatically depersonalised, using a one-way pseudonymisation process to ensure we are unable to identify any individual. This happens immediately after the data is first collected. Pseudonymisation is the process of distinguishing individuals in a dataset by using a unique identifier that does not reveal their 'real world' identity. This is a way of protecting people's privacy in accordance with the Information Commissioner's Anonymisation Code of Practice.
How we process it and how to prevent processing
If your device has not signed up to use the free WiFi provided by the Ulster Museum, it's an 'un-authenticated device'. When your device sends a probing request, it will contain a MAC address. Most modern devices send out a randomly generated MAC address to prevent unknown routers identifying the device. We will not process un-authenticated devices for the purposes described below. We will remove un-authenticated devices from the data that we will be analysing as soon as possible after receipt.
If you would like to stop your device from sending out probing requests, you can turn off WiFi on your device, turn your device off or put the device into airplane mode while at our museum.
If the device has been signed up for free WiFi at the Ulster Museum, the device will disclose its genuine MAC address. This is known as an authenticated device. The following processing only relates to authenticated devices.
We process authenticated device MAC address connections (along with the date and time the device authenticated with the WiFi network and the location of each router the device connected to). This helps us to better understand how visitors move through the museum: we look at how long it took for a device to travel between areas of the museum and dwell time in certain galleries. As a visitor enters the museum (if their device has WiFi enabled), the device will attempt to connect to the WiFi network. This is recorded in our WiFi data control system.
We carry out a process of hashing once a MAC address is collected. Hashing is the process of generating a new value from a string of text (in this instance the MAC address). We carry out two rounds of hashing to make sure we never hold the original MAC address. One hash is with a single value (pepper), and the second is with another unique random value (salt) for each MAC address, each day. This pseudonymisation process provides continuity to the data without needing to record the MAC address, which could identify an individual device. This means that we have to preserve our hashing key to maintain continuity of the pseudonymised data.
We do not collect any other data generated by your device. This includes web browsing data and data from website cookies.
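The two-round hashing described above can be sketched as follows; this is an added example, not National Museums NI's own code. It assumes HMAC-SHA-256 for both rounds and a salt table keyed by first-round hash and day, so a device keeps one pseudonym within a day and gets a new one the next day; the class, function and field names and the sample events are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime

def normalise_mac(mac: str) -> bytes:
    """Canonical 6-byte form, so 'AA-BB-..' and 'aa:bb:..' hash identically."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw

class Pseudonymiser:
    def __init__(self, pepper: bytes):
        self._pepper = pepper  # the single secret value used for every record
        self._salts = {}       # (first-round hash, day) -> random salt

    def pseudonym(self, mac: str, when: datetime) -> str:
        # Round 1: keyed hash with the pepper. The key matters because the
        # 48-bit MAC space is small enough to enumerate against a bare hash.
        first = hmac.new(self._pepper, normalise_mac(mac), hashlib.sha256).digest()
        # Round 2: a random salt drawn once per MAC per day (assumed lookup).
        # Only the first-round hash is used as the lookup key, never the MAC.
        salt = self._salts.setdefault((first, when.date()), secrets.token_bytes(16))
        return hmac.new(salt, first, hashlib.sha256).hexdigest()

def pseudonymise_events(events, pseudonymiser):
    """Drop un-authenticated devices, then replace each MAC with its pseudonym."""
    rows = []
    for mac, authenticated, when, access_point in events:
        if not authenticated:
            continue  # removed before analysis, as the notice describes
        rows.append((pseudonymiser.pseudonym(mac, when), when, access_point))
    return rows

# Constructed sample: (MAC, authenticated?, timestamp, access point location)
SAMPLE_EVENTS = [
    ("00:11:22:aa:bb:cc", True, datetime(2019, 12, 3, 10, 0), "entrance"),
    ("da:a1:19:00:00:01", False, datetime(2019, 12, 3, 10, 5), "entrance"),
    ("00:11:22:aa:bb:cc", True, datetime(2019, 12, 3, 10, 25), "gallery-1"),
    ("00:11:22:aa:bb:cc", True, datetime(2019, 12, 4, 11, 0), "entrance"),
]

if __name__ == "__main__":
    for row in pseudonymise_events(SAMPLE_EVENTS, Pseudonymiser(secrets.token_bytes(32))):
        print(row[0][:16], row[1].isoformat(), row[2])
```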
You can turn off WiFi on your device, turn your device off or put the device into airplane mode while at our museum.
Why the Ulster Museum is doing this
- WiFi data can help to understand the paths people take in the museum.
- Aggregated data can show which sections of the museum are underused and which areas of the museum are most popular.
- Data can be used with analytical tools and services to improve the way we plan our exhibitions and programming.
- We want to use technology to improve the visitor experience.
Data protection impact assessments
To ensure our approach to the collection of WiFi connection data is appropriate, we completed a data protection impact assessment on 9 September 2019, and we have consulted with the ICO to ensure we are operating in accordance with GDPR.
Length of time we keep WiFi connection data
National Museums NI will not hold data beyond the life of the project.
Keeping information secure
Each MAC address is automatically depersonalised (pseudonymised) and encrypted to prevent the identification of the original MAC address and associated device. The data collected is stored in a restricted area of a secure location. All access is governed through industry standard authentication methods. Access is limited to a restricted group of users - i.e. only those whose access to the data is necessary for their role.
Individual depersonalised device WiFi connection data will only be accessible to a controlled group of employees. Aggregated data developed by combining depersonalised data from many devices may be shared with other departments and external bodies. Aggregated data will include counts of numbers of devices, rather than data containing pseudonymised MAC addresses.