The first week of March is National Consumer Protection Week. During this time, consumer protection agencies such as the Federal Trade Commission and the Division of Real Estate will be helping people understand their consumer rights and make well informed decisions about finances and the sharing of personal information.
As an association member, you should know what your rights are concerning the information your association maintains about you. Section 38-33.3-317 of the Colorado Common Interest Ownership Act defines what records must be kept by an association, for the purposes of record retention and production to unit owners. It divides association records into three categories - records that "must be produced", records that "may be produced" (at the discretion of the Board), and those which "must be withheld".
The records contained in the “must be withheld” category include items such as personal identification and account information of members, including bank account information, telephone numbers, electronic mail addresses, driver’s license numbers, and social security numbers. As an association member, you have a right to have this information withheld from production requests.
As an association Board member, you should know what your responsibilities are as the custodian of association records. Sensible efforts to protect sensitive information should be utilized. Be sure that if the records are physical, they are stored in a secure location with limited access. If the records will be stored electronically, be sure to consult with the appropriate professionals to ensure secure networks.
You should also consult with your association’s legal counsel concerning any reporting requirements in the event of a data breach. In 2018, Colorado passed one of the most stringent data protection laws in the country, House Bill 18-1128. Effective September 1, 2018, associations, management companies, and their vendors that collect and maintain personal identifying information (“PII”) (social security numbers; personal identification numbers; passwords; state or government-issued driver’s license or identification card numbers; passport numbers; etc.) must adopt policies concerning the protection of that information and procedures for handling breaches and destruction of documents containing PII.
For more information related to consumer protection week, please see the links below.
- Federal Trade Commission
- Colorado Attorney General's Office on Consumer Protection
- Colorado Bureau of Investigation - Identity Theft/Cyber-Crimes Unit
- New Data Breach Law – Compliance Required By Suzanne M. Leff of Winzenburg, Leff, Purvis & Payne, LLP