Ask Habitat: Are Security and Privacy Mutually Exclusive?
May 11, 2015 — A READER ASKS: I live in a midsize co-op in Brooklyn, and have been on the board for nearly ten years. I've been keeping up with all this Airbnb business, and it's made me really think about our building's security. We don't have a written policy about security — or privacy, for that matter. One of my fellow board members says that having a written policy relating to security and privacy may paint us into a corner, that once we have a written policy, we have to substantially comply with it. I say that that's what our lawyer is for, so we can craft a policy that protects the building. My fellow board member adds that we need to define clearly in that policy who has access to information — that is, clear definitions of who can access security data and what privacy rights residents can reasonably expect. What factors might we keep in mind while drafting something that makes everyone happy?
HABITAT ANSWERS: A co-op/condo security policy has to take into consideration three issues: employee gossip, data security, and data access. The second issue is maintaining the security of your collected data. So what exactly does it entail? For most buildings, it means protecting paper documents, security-camera footage, and electronic key-fob data.
Paper documents. Residents' personal information should be kept to a minimum, and Social Security numbers should be stripped from them. Files should be kept in a locked cabinet, preferably within a locked closet or room; many buildings keep them off-site, at the management company's office.
Security camera footage. This is trickier — as opposed to the real-time feed doormen typically monitor for emergency situations — because it can be stored in different ways. Nowadays, security camera footage is mostly stored on a DVR or a remote communal server. None of this should be readily available, even to the board members. When a report is made, footage could be made available to a third party, such as the management company, which should notify the board or the police if needed.
Key fobs. To physically secure the key fob data on DVRs or computers, experts recommend locating the equipment in a basement room that's locked. While this need not literally be a basement room, such devices should never be in an unlocked environment. Many buildings keep them in the super's office, which may not be kept locked, creating a security risk. Regardless of who can access it, your data should be password protected.
How often security camera footage gets erased is another aspect of policy. Do you really need to keep more than two years' worth of footage, as some systems are capable of doing? Commonly, it gets erased after 30, 60, or 90 days.
Ultimately, security and privacy can co-exist. As long as you share information about systems protocols with your residents, there's no reason that security and privacy have to be mutually exclusive.
Have a question for us? Let us know!
For more, see our Site Map or join our Archive >>