Skip to main content
Legal Update Article

Data Privacy, Security Considerations in Multi-Residence Buildings

New data privacy and security concerns arise as multi-unit residential buildings implement new technologies to manage access, strengthen security, regulate compliance with internal policies and legal requirements, and improve the resident experience, and New York City and other jurisdictions are attempting to address them.

Examples of data privacy and security risks in this area abound. For instance, many newer (or newly updated) residential buildings utilize “smart access” systems to identify and grant access to residents and guests based on their biometric identifiers (e.g., fingerprints or facial geometry) or their possession of a key card or fob. Although these systems are convenient for residents and building management, condominium and cooperative boards, property owners, and property management companies must be mindful of the data privacy and security-related concerns that may arise in the jurisdictions in which the properties are located.

New York City has passed the Tenant Data Privacy Act, imposing rigorous data privacy and security obligations on the owners of “smart access” buildings. Additionally, a growing number of jurisdictions have laws on their books regulating the collection and use of biometric information. For instance, Portland (Oregon) and Baltimore County have passed laws banning the use of facial recognition technology. Further, a number of states, including California, Illinois, New York, Texas, and Washington, regulate the collection and use of biometric information more broadly. Biometric information also qualifies as personally identifiable information under the data breach notification and reasonable safeguard laws in many states.

Condominium and cooperative boards, property owners, property management companies, and others should regularly consider the potential data privacy and security risks when installing and authorizing residents to use new technologies that collect and utilize resident data.

Key considerations:

  1. What data is being collected?
  2. Is notice and/or consent required in connection with such collection?
  3. Is the data being stored and, if so, for how long, for what purpose, and have appropriate data security safeguards been implemented?
  4. Have internal policies been implemented, and training provided, to ensure proper management of the data?
  5. Is the data shared with third parties and, if so, are appropriate contractual protections in place?

As organizations like condominium and cooperative boards, property owners, and property management companies collect more and more data from their residents, it is critical to take proactive steps to assess their compliance with applicable data privacy and security laws.

Please contact a Jackson Lewis attorney with questions about fair housing, data security compliance, or other issues. 

© Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome. 

Focused on labor and employment law since 1958, Jackson Lewis P.C.'s 950+ attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business. We help employers develop proactive strategies, strong policies and business-oriented solutions to cultivate high-functioning workforces that are engaged, stable and diverse, and share our clients' goals to emphasize inclusivity and respect for the contribution of every employee. For more information, visit