This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
out of Community Association Taking the


Byte Daniel Zimberoff, Attorney


Community associations, like many organizations, have caught the technology wave and are increasing their reliance upon the Internet and other digital media for conducting business. As more and more of these associations migrate information from paper to electronic bytes, the specter of electronic privacy looms large. This article offers an overview of electronic privacy issues as they relate to community associations in order to assist board members and managers avoid pitfalls and problems as they ride the digital technology wave.


Electronic Personal Identifiable Information


There are several segments of electronic data involving condominium or homeowner association members that may be sensitive or confidential. These areas include bank account or other financial institution information for homeowners who pay monthly or other assessments electronically, personal information such as telephone numbers and email addresses, and a host of personalized computer settings and other digital information for homeowners that potentially could be mined or exploited when they log onto an association server or server hosted by a company hired by the association to conduct electronic services.


A homeowner’s financial or personal information is


self-explanatory, but many computer users may not be aware of all of the information that can be obtained from their computer when they visit an Internet website or download a file. Internet Protocol (IP) addresses, the individual “address” and identifying electronic “fingerprint” for the computer, may be logged and analyzed. In addition, a user’s profile, cookies (files on a user’s computer that identifies them as a unique user and tracks web usage) and other search history and purchasing or browsing patterns can be logged, tracked, analyzed and even sold to companies that exploit the information for spamming or other mass marketing purposes.


Washington Law Regarding Electronic Privacy


There is very little statutory or case law in Washington regarding electronic privacy, and none with respect to community associations or non-profit corporations.1


It likely will take several


more years before laws and court decisions are published giving guidance on this important and ever-evolving topic. In the interim, an association may wish to look to other laws by analogy. In the instance of electronic privacy, since there are no laws affecting community associations in Washington, as a start, an association may wish to review RCW 43.105.310 for guidance.2


The statute provides general guidelines for privacy of records and information by state agencies:


State agencies and local governments that collect and enter information concerning individuals into electronic records and information systems that will be widely accessible by the public . . . shall ensure the accuracy of this information to the extent possible. To the extent possible, information must be collected directly from, and with the consent of, the individual who is the subject of the data. Agencies shall establish procedures for correcting inaccurate information, including establishing mechanisms for individuals to review information about themselves and recommend changes in information they believe to be inaccurate. The inclusion of personal information in electronic public records that is widely available to the public should include information on the date when the database was created or most recently updated. If personally identifiable information is included in electronic public records that are made widely available to the public, agencies must follow retention and archival schedules. . . retaining personally identifiable information only as long as needed to carry out the purpose for which it was collected.


In short, under the statute, an association should “ensure the accuracy of the personal information to the extent possible.” In addition, “to the extent possible,” information must be collected directly from a homeowner with their consent. The information should be updated and there must be retention and archival schedules “retaining personally identifiable information only as long as needed to carry out the purpose for which it was collected.” Thus, a community association may similarly want to follow these steps “to the extent possible.” The author recommends revising this tenet slightly, to make it “to the reasonable extent possible.”


Practical Considerations for Community Associations and Personal Identifiable Information


In addition to looking to an analogous statute, a community association also may wish to see how the commercial industry is responding to electronic privacy issues. A review of several website hosting and virtual community association company websites reveals that each one of these companies has strict and comprehensive policies regarding protection of electronic privacy and personal identifiable information. Such protocols include:


1. Strong firewall systems that provide defense against hacking by third-parties;


2. Assurances that all electronic information is kept confidential and never provided to any unauthorized persons;


3. All electronic information must be provided voluntarily with consent;


continued on page 26 may/june 2011 | Community Associations Journal 15


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40