Leaking a condominium’s database can cause great harm to residents, visitors or service providers. This includes information such as full name, CPF number, license plate, personal telephone number, biometrics, fingerprints and images captured by cameras that, if handled improperly, can serve as raw material for forged documents for crimes.
Condominium administrators collect this sensitive data for security reasons and must record it in compliance with the LGPD (General Data Protection Law). In force since last year, the law allows citizens to demand clear information from public and private companies about what data was collected, how they are stored and for what purposes they are used.
“There was some uncertainty regarding the application of the LGPD to condominiums until recently, but, considering new regulations published by the National Data Protection Authority, it has come to be understood that it is indeed applicable to condominiums,” says the lawyer. Fernando Bousso, head of data protection at Baptista Luz.
According to Aabic (Association of Real Estate and Condominium Administrators of São Paulo), it is up to the condominium to designate a person in charge of personal data: it can be the trustee, the sub-manager, a member of the board or even a joint owner. It is he who will answer for any damage caused to data subjects.
The condominium suitability plan should start by identifying all internal flows that involve personal data from collection to storage.
It is necessary to verify when this data was collected, what type of information it was, where it is stored and which supplier was involved. “Making a whole mapping to identify points of improvement”, says Bousso.
All agents with which the condominium has a relationship must comply with the law. Employees, contractors, the administrator must receive training to ensure data security.
Check the rules for data storage
Residents should be advised of:
- what data is collected
- for what purpose
- with whom they are shared
- who has access to personal data within the condominium
- what security measures are in place to protect them from leakage or illicit use
Images from indoor security cameras
- There should be notices that the environment is being filmed
- Cannot injure the privacy of residents
- The professional with access to the images must have training
- The storage of images must be done securely, with restricted access
- The trustee, as the legal representative of the condominium, may have access to the captured images, or appoint a technician for the analysis, but the supply to third parties (breach of confidentiality) can only occur by means of a court order.
Fingerprint, face, iris and voice recognition
- Collection must be spontaneous
- The condominium needs to delete this data when there is a change of residents
- It is recommended that the condominium review contracts with companies that process personal data
Personal data of children and adolescents
- They must only be obtained with the consent given by at least one parent or legal guardian
- May be collected without consent only when necessary to contact a parent or legal guardian or for their protection
- They must be stored in a safe place, accessed only by authorized persons.
- Avoid storage in places where documents can deteriorate
Source: Aabic (Association of Real Estate and Condominium Managers of São Paulo)