Writing Down Unwritten Privacy Policies Protects You. Here's How to Do It.
June 27, 2013 — You already have a privacy policy at your co-op or condo, whether you know it or not. The board president knows who's allowed to access security video. So do the managing agent and the super. More or less. I mean, it's not exact or anything. They just sort of know.
And that's dangerous — because as building professionals and others discussed in Part 1 of this story, unwritten de facto policies by their very nature are prone to misremembering, misinterpretation and on-the-fly changes. Writing down the unwritten rules helps avoid such problems and provides clarity and fairness. But how do you create a written privacy policy? Turns out, it's not so hard.
According to privacy and security experts, a co-op / condominium security policy has to take into consideration three issues: employee gossip, data security and data access.
With buildings managed by Cooper Square, says company president Dan Wurtzel, "there's a privacy policy that says doormen are not permitted to chat with residents about the comings and goings or anything involving another resident. That's standard protocol. If a doorman says, 'Hey, you should see the people who go in and out of Mr. Jones's apartment in the evening,' that's grounds for disciplinary action, up to and including termination. If the doorman reports to the super or management that, 'We think there's suspicious activity based on the kind of visitors and when they're arriving,' that's okay," he notes.
There's no reason that
security and privacy
have to be mutually exclusive.
The second issue is maintaining the security of your collected data. "Boards always have to adapt to changing technology, and changing methodology," says Warren Schreiber, president of Bay Terrace Cooperative Section 1, a 200-unit garden-apartment complex in northeast Queens, and the co-president of the Presidents Co-op and Condo Council. With identify theft becoming a growing concern, he notes, "instead of people breaking into an office at night, you have people hacking into computers or surveillance systems."
Steps to Securing Data
So what exactly does securing your data entail? For most buildings, it means protecting paper documents, security-camera footage and electronic key-fob data.
Paper documents. Residents' personal information, should be kept to a minimum, and Social Security numbers should be stripped from them. Files should be kept in a locked cabinet, preferably within a locked closet or room; many buildings keep them off-site, at the management company's office.
Stored security-camera footage — as opposed to the real-time feed doormen typically monitor for emergency situations — is trickier since it can be stored in different ways. Some older systems may still use videotape, but today footage is mostly stored on a DVR or a remote communal server.
None of this should be readily available, even to the condo / co-op board members. When a report is made, footage could be made available to a third party, like the management company, who could notify the board or the police. However, notes veteran attorney Bruce Levinson, of the Law Offices of Bruce Levinson, security footage "is not something that should be the subject of due diligence by attorneys representing potential buyers: 'Well, I want to look at the tapes to see if it's a safe building and whether my client should buy.' That is inappropriate."
"It is a good idea if you limit times and conditions" under which data can be accessed, says Leslie Cole, head of the security-management firm Leslie Cole Associates, "so you know how and when it is used and who's using it."
In fact, "a lot of times [building staff doesn't] even do that," says Matthew Arnold, president of the security-tech company Academy Mailbox. "Instead, they call us and we go and burn a CD or [put the footage on] a flash drive," he says, referring to a portable data device, also called a thumb drive, which is the size of a small matchbox.
Key fobs. How do you physically secure a DVR or the computer that houses key-fob data? "You lock them off [in a box] in a basement room that's locked," says Arnold. While this need not literally be a basement room, such equipment should never be in an unlocked environment. Many buildings keep them in the super's office, which may not be kept locked, creating a security risk. Regardless of who can access it, your data should be password-protected.
Other Considerations
How often security-camera footage gets erased is another aspect of policy. Do you really need to keep over two years' worth of footage, as some systems are capable of doing? Commonly, says Arnold, "it gets erased after 30, 60, or 90 days."
Are there downsides to having a written policy? "Once you have a written policy," Levinson says, "you have to substantially comply with it."
But isn't that the point? To prevent boards and others from behaving badly? If you break a policy to spy on your neighbor or do opposition research on a board candidate, shouldn't that carry a consequence? And a policy applied evenly and without favoritism can help blunt lawsuits by shareholders/unit-owners claiming that the board or management is after them.
Ultimately, says Neil Davidowitz, president of the management company Orsid Realty, security and privacy can co-exist. "As long as you have systems protocols and you share those with your residents, there's no reason that security and privacy have to be mutually exclusive."
For more, see our Site Map or join our Archive >>