Legal
December 21, 2022 Published by North Alberta Chapter - By Heidi N. Besuijen
Considerations for Privacy Rights in Condominiums
Following from a recent presentation addressing condominiums corporations and obligations under privacy law, this article works to recap that presentation and address certain questions arising from it.
Following from a recent presentation addressing condominiums corporations and obligations under privacy law, this article works to recap that presentation and address certain questions arising from it.
Condominiums in Alberta are bound by the operation of the Personal Information Protection Act, SA 2003, s P-6.5 (the “Act”). The Act addresses the collection, use, and disclosure of personal information which is broadly conceived of any information about an identifiable individual.
It is important to note that privacy law is nuanced. The Act largely operates to offer the broadest possible protection of individual’s person information and then proceeds to carve out exceptions. For this reason, there are no easy answers and condominium corporations would be well served to develop privacy policies to aid in the governance of private information in an appropriate manner. In fact, the corporation is obligated to develop such a policy and any practices flowing from it.
Many questions were received regarding the privacy officer and their role. Simply put, the privacy officer is tasked with ensuring the privacy policy and any practices are followed. There is no strict requirement to have a privacy officer, the Act contemplates that one might be appointed, but it makes sense to have one “expert” who is knowledge on the issue of privacy at the corporation and can keep everything on track with regard to how personal information is managed. Essentially, condominiums must ensure that any personal information gathered is gathered for an appropriate purpose or purposes, is used in accordance with that purpose or purpose, and is only disclosed where there is consent to disclose or consent is assumed. The policy ensures this happens and the privacy officer (if one is appointed) ensures the policy is properly implemented.
Common personal information that condominium corporations could be expected to encounter include the names of any persons on title for a unit, the names of the occupants of a unit, the contact information for any of these persons, information about who is in arrears and the extent of them, information provided relating to rental of social or common areas, insurance information, details relating to individuals found in meeting minutes. All of this information must be appropriately managed.
An example of this might be the meeting minutes of the corporation. As you are likely aware, the meeting minutes are amongst the types of information which can be requested from a condominium corporation. Before releasing such Before releasing such minutes, then, it is important to review and vet the minutes in order to redact any personal information for which there is no consent to disclose. It is suggested that any time the minutes are approved, a redacted or anonymized version of the minutes is produced immediately in order to have those ready to provide in response to any information request. This will ensure there is no need to frantically review minutes to meet the tight deadlines for disclosure, will distribute the work over time to allow any redactions to be applied as the minutes are reviewed or shortly thereafter and, hopefully, ensure each set of minutes need only be reviewed once for this purpose.
Corporations working towards developing a privacy policy (which is recommended you at least have legal counsel review if not draft for you) should consider all of the personal information they will encounter and collect. They should also consider where that information will be kept and how it will be kept in order to address security concerns arising from that and also in order to allow ease of access when any requests relating to the same might come in.
One aspect relating to personal information is the accuracy of such information so a process for updating information (both on an as-needed basis such as when an owner sells and moves as well as on a regularly scheduled basis to catch anything that might have changed otherwise) is important to incorporate.
You will want to address who access information and how they access it including who will respond to requests for information and how those will be met.
Records retention is an important aspect of managing personal information. The Condominium Property Regulations (at Schedule 3) have a requirement for minimum retention periods for corporation records. This should inform any policy in terms of what information is maintained and for how long (be it personal information under the Act or not). Records can take many forms (i.e. reports, minutes, budgets) but one which you will want to consider is the management of emails and the information contained in them. Many corporations use cameras to provide surveillance of key areas (entrances/exits, parkades). Corporations may only do so where surveillance is linked to the purpose it is said to be carried out for and should be limited to areas where there is no expectation of privacy (i.e. surveilling a common entrance to a building is ok but surveilling unit doors likely is not).
Corporations must be sure to post signage alerting anyone who may be caught by these cameras that the surveillance is being done and what the purpose is for it. Further, information must be made available as to who may be contacted in the event of any questions.
Your privacy policy should address these matters as well as who will deal with any questions or requests coming in, how they will respond to them and the timeline for doing so. One last comment for developing your policy, as always, it is important to review your bylaws and consider how they might inform the development of your policy.
Do they account for consent? Do they require the collection of certain information? Do they address expectations of privacy or otherwise inform those?
The time and effort put into developing your policies and practices, as appropriate for the context of your corporation, will be well spent in ensuring the smooth application of the Act to your corporation into the future.
Heidi N. Besuijen, Partner
Reynolds Mirth Richards & Farmer LLP
DISCLAIMER, USE INFORMATION AT YOUR OWN RISK
This is solely a curation of materials. Not all of this information is created, provided or vetted by CCI. Some of the information is only applicable to certain provinces. CCI does not make any warranties about the reliability or accuracy of any information found in the materials on this website. The information is not updated to reflect changes in legislation or case law and therefore may not always be current and up-to-date. We suggest you seek professional advice with respect to your specific issues or regarding any questions that arise out of the material. We will not be liable for any losses or damages in connection with the use of any of the material found on the website.
Back to Results Back to Overview