Residents’ associations are formed to serve a membership of the community’s residents and are responsible for maintaining community-owned properties, internal processes, recreational programming, landscaping, and more. As they serve many individuals and households, residents’ associations are required to collect, use, and protect personal information, such as addresses, phone numbers, and credit card information, which are at risk of a security breach.
To make sure that you are protecting your community’s personal information on behalf of your residents’ association, here are some important best practices and procedures to follow.
Create a Data Protection Act
As you begin collecting information on behalf of your residents’ association, it is imperative to introduce and enforce a Data Protection Act. Consult with a legal professional or an IT security expert to form your association’s official document, so that it clearly states the principles of how and why information can be acquired and retained. Generally, these principles should state that personal information is:
A Data Protection Act should also specify that information will only be used for the purposes of administration, public relations, accounts, and records, and for communication between the Association and its members. It should note that information cannot be shared with a third party.
Safeguard Physical and Electronic Data
While governing the collection and use of data through your association’s Data Protection Act, your association must also employ measures to safeguard physical and electronic data from theft or misuse. If your data is stored offline or in a physical location, lock all doors and cabinets, set up surveillance, and secure vulnerable portable devices to permanent fixtures. For example, a laptop that stores many critical passwords can easily be stolen if it is not secured to the desk with a cable lock.
When storing your data online, it is vital for a residents’ association to block intrusions using firewalls, anti-malware, and anti-spyware security software, which monitor incoming Internet traffic and guard against malicious attacks. Among staff members, require the use of secure, complex, uncommon passwords, which slow hackers down. If possible, also employ encryption protocols for data that is transferred between computers, browsers, and websites, or stored on servers and databases.
Obtain Explicit Consent in Forms
Data collection can, for example, help inform organizational priorities and monitor engagement and participation in your association’s activities. While account history, payments, notes from previous correspondence, and user behavior on your website can provide these helpful insights, collecting this information requires the express consent of the person providing the data.
The law requires that residents’ associations obtain consent individually from their members before recording any personal data. A consent form will satisfy this requirement, whether your association chooses to use a physical form or an electronically submitted agreement on your website.
By taking a proactive approach to data protection, educating your association’s staff and its members, applying security measures both online and offline, and observing the Data Protection Act, your residents’ association is better equipped to protect data and prevent vulnerabilities.
Yet, it’s important to remember that protecting physical and electronic data is an ongoing process that must be updated constantly to fend off newly identified threats. To truly ensure your residents’ association is protected from newly identified and changing security threats, consider hiring a building security expert or a network security freelancer.
Want to learn more about how to manage and secure data for your residents’ association? Download our data sheet for a complete overview of how Xplor Recreation's association management software protects your clients' data and privacy.