New York's Cooperative and Condominium Community

Habitat Magazine Business of Management 2021




Is Your Co-op's or Condo’s Data Safe?

Sue Treiman and Bill Morris in Board Operations on February 7, 2020

New York State

Cybersecurity, data breach, personally identifiable information, SHIELD law, co-op and condo boards.
Feb. 7, 2020

Cybersecurity experts agree that surprisingly few co-op and condo boards or their property managers treat personally identifiable information (PII) with the care it deserves. Social Security, bank account, and credit card numbers, plus email addresses and passwords, are all things criminals can exploit.

“I can unequivocally say people don’t appreciate how significantly a security breach can affect property, residents, and the board,” says Sandy Jacolow, who oversees technology initiatives at the Meridian Capital Group, a real estate brokerage and investment firm.

For those who still fail to grasp the significance of a data breach, Jay Hack, a banking lawyer at Gallet, Dreyer & Berkey, has a blunt piece of advice: “Wake up.”

The wake-up call will come in March 2020, when New York State’s Stop Hacks and Improve Electronic Data Security (SHIELD) law goes into effect. SHIELD requires all businesses handling personally identifiable information – including co-op and condo boards – to implement “reasonable” administrative, technical, and physical data safeguards. If they fail to comply and identities are compromised, they can face fines, investigations, and lawsuits. Under current laws, the maximum fine for failing to notify those affected by a data breach is $100,000; under SHIELD, the number will balloon to $250,000. And enforcement is expected to be more stringent.

“At a minimum, SHIELD makes data security a legal issue with liability and penalties for lack of protocol, non-compliance, and any breach,” says Jim Brune, chief executive at, an internet-based provider of secure record-keeping.

“It is now a compliance issue – not just awareness,” says Zhixiong Chen, a professor of cybersecurity at Mercy College in Dobbs Ferry, New York “It means that co-op and condo boards have to work on best practices on data collection, storage, and retrieval. It is time to do reconnaissance on existing data storage, decide what kind of data are necessary for boards, and what kind of safeguards and auditing is needed. Boards can develop their own data protection and breach notification process, or they may seek solutions provided by various vendors using cloud to distribute or offload risks.”

Whichever course boards decide to pursue, they need to remember that, as of next month, data security is no longer optional; it will be required by state law.

Ask the Experts

learn more

Learn all the basics of NYC co-op and condo management, with straight talk from heavy hitters in the field of co-op or condo apartments

Professionals in some of the key fields of co-op and condo board governance and building management answer common questions in their areas of expertise

Source Guide

see the guide

Looking for a vendor?