How prepared is your association or your management company in today's high technology world of information? Have you taken the time to evaluate if association data is in compliance with the latest privacy laws in regards to homeowner personal information?
More and more personal data is being stolen from "secured" files, by individual(s) who are well versed in breaking through firewalls, security login, and password protected files. If a homeowner's personal information were lost or stolen from the association database, what is the contingency plan? Are those homeowners notified, and if so, how is this done, when is it done, and how will it affect your association or management company reputation. These are all questions that need to be asked as the risks related to data theft become more significant.
How can the association records be protected?
- The association has spent thousands of dollars on preventive maintenance for association assets. They've retained a reserve study specialist to assist in evaluating future monetary needs for those assets. The banking selection is set to protect the long-term funds that have accumulated. Now, how much time has been spent on protecting those "paper" and/or "electronic" records from being stolen, thus putting the association and its members in jeopardy?
- First, take a good look at federal, state, or local laws to determine what homeowner personal records are to be protected ("personal information does not include publicly available information"). "Personal information" will usually mean an individual's name, social security number, driver's license number, account number, credit or debit card number, in combination with any required security code, access code, or passwords, medical information and family information.
- Take all reasonable steps to destroy or arrange for the destruction of a homeowner's records within your custody or control containing personal information which is no longer to be retained by (1) shredding, (2) erasing, or (3) otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.
- Have an association or management company policy in place on what is considered confidential information and communicate that policy to board members and employees alike.
- Explain to board members and/or employees how to properly disclose information to members.
- Make sure the association has the most current contact information about the homeowner so that notices are available should they be needed.
Setup a control system so that data accessibility and hacking into the system is almost foolproof.
- Purchase liability insurance now, just in case records are stolen or become compromised.
What are some of the risks for your association or management company?
- Lawsuits - either from the association client or from the homeowner.
- Major loss of confidence by the client of the management company's ability to protect the association records.
- Tarnished reputation in the marketplace that could lead to a loss of clients or future clients.
- Depending on federal, state, and/or local regulations, the association or management company may be in violation of laws that carry strict fines and penalties.
- Vulnerability to increases in association or management company insurance premiums if your claims are excessive.
- Does the management company allow employees to remove hard copy association records or electronic data from the office? Are employees working from home and storing homeowner personal information on home computers or in file cabinets? Compromising association data is a huge risk to your business.
What happens when a catastrophe occurs?
- Implement steps to determine the scope of the breach of information and what measures are in place to restore the integrity of the system.
- Provide quick response to the compromised homeowners with information on what is being done to help protect them from identity theft.
- Know what your obligation is for notifying the homeowners in a timely manner; what, if any, state laws are in place that outline specific deadlines.
- Safeguard your organization and your association clients from negative publicity by immediately releasing pertinent information. Be helpful, not a hindrance.
- Contact your insurance agent immediately to determine if there are things that should be done to reduce further losses.
- Review the required laws and regulations to comply with the crisis management.
If your association or management company has not taken the time to review your vulnerability in protecting individual privacy for your homeowners, today is a good time to get started. Each day that passes is a gamble that you are taking with these records. There are many technology vendors that can provide consulting services to assist in developing a comprehensive plan for protecting homeowner personal information.