Privacy Guidelines for Strata Corporations – Updates
In May 2022, the Office of the Information & Privacy Commissioner updated their Guidelines for Strata Corporations on how to best achieve compliance with the Personal Information Privacy Act (“PIPA”). We wrote about this at the time and would like to take this opportunity to highlight other aspects of the Guidelines not touched on in our initial article yet come up regularly with clients.
First, you can find the guidelines themselves here.
Here are the general requirements placed on Strata Corporations by PIPA:
- designate someone to be accountable on the strata’s behalf for its compliance with PIPA;
- obtain the consent of owners and tenants before it collects, uses or discloses personal information (except in specified circumstances where PIPA does not require consent);
- tell individuals, upon request, why personal information is being collected, how it is being used and to whom it has been disclosed;
- take reasonable steps to ensure that the personal information it collects is accurate and secure;
- respond to requests for personal information completely and promptly;
- have personal information policies that are understandable and readily available; and
- securely destroy, erase or make anonymous personal information where a strata no longer needs the information for the purpose for which it was collected and retention is no longer necessary for legal or business purposes.
Strata Councils should, at a minimum, develop a Privacy Policy which addresses these points. A Strata Council member should also be appointed as Privacy Officer so that Residents can know to whom they should address any privacy related requests or concerns . You will note from the PIPA requirements that Stratawest cannot act as your Privacy Officers- we have our own PIPA compliance requirements to adhere to and though we are necessarily involved in the storage of documents on your behalf, we cannot take responsibility for compliance with the elements of PIPA requiring Strata Corporations to draft policies and appoint officers- this is a Council activity. To that end, we are pleased to share a template developed by the Vancouver Island Strata Owners Association (VISOA) which may form the foundation of your policy. You’ll find a link to this template at the bottom of this article. We also strongly encourage all clients to engage legal counsel when developing your policies- though this requires an investment, it sets you up to be well protected in the event a claim is made against your Strata Corporation.
We are often asked specific questions relating to PIPA compliance and Strata records. A few examples of specific recommendations on meeting minutes disclosures, recording of meetings and document retention are below for your benefit.
On the subject of recording meetings (which is an uncommon but not unheard of request, especially in contentious situations):
Audio and/or video recordings of a strata council meeting or general meeting should not be made. Unless a bylaw is passed by strata corporation allowing meetings to be recorded with an audio or visual recording device, recordings of strata council or general meetings are likely not authorized by PIPA.
On the subject of what information should and shouldn’t be included in meeting minutes:
Personal information and meeting minutes Section 35(1)(a) of the SPA requires stratas to keep minutes of annual and special general meetings and council meetings, including the results of any votes. Here are some guidelines to help a strata take meeting minutes in a way that protects an individual’s privacy:
- A person attending an annual general meeting (AGM) or a semi-annual general meeting (SGM) has provided implied consent to have their name, strata lot number and/or unit number recorded in the minutes.
- If a strata council member or a guest attends a strata council meeting, or if they make or second a motion, then the individual has provided implied consent to have their name recorded in the strata council minutes.
- Minutes of strata council meetings should record all decisions made by the strata council, but need not include the exact discussions of personal information leading up to any votes.
- It is good practice for strata council minutes to identify only the unit number or strata lot number of an owner or tenant (and not their name) in relation to sensitive matters such as bylaw violations or strata fee debts.
On how long records must be kept (you can find the specific breakdown here):
Note that other laws might require the strata to keep records even longer than one year. If those laws require personal information to be retained longer than set out in PIPA, then the longer retention period applies. For example, Part 4.1 of the Strata Property Regulation sets out requirements for retaining certain strata records such as meeting minutes and legal decisions.
Did you know that you’re only required to keep correspondence (i.e. letters from and to homeowners and tenants) for “at least 2 years”? All records must be maintained for a minimum period of time (most commonly 2 or 6 years) or *permanently*.
And finally, on the use of video and/or fob usage surveillance:
It may be reasonable, for example, to use surveillance in a parking area that has experienced break-ins despite other measures having been taken to stop the activity. It may not be reasonable, however, to do so in a fitness or pool where the purpose for the surveillance may not be as clear as it would be for a parking area. The more sensitive the information the strata seeks to collect, and the more invasive the method of collection is, the less likely it is that the surveillance is reasonable, and therefore authorized, under PIPA. For example, in one case, the OIPC determined that a strata could use video surveillance to enforce its garbage disposal bylaws, and to prevent and investigate property damage in the parking area, but not for any other purpose (such as monitoring the pool area). It also concluded that, while the strata could keep a key fob inventory for certain purposes, it could not conduct surveillance on the movements of residents using its key fob system. For more information, see OIPC Order P21-06.
As noted above, here is the link to the VISOA privacy policy template with minor edits (highlighted in green) to include the physical security measures we have in place to protect your documents.
There are many more implications to PIPA than we could adequately cover in a brief article. We’ll write again on more of these implications and in the meantime reiterate our recommendation that, when faced with privacy issues, your Strata Council engage legal advice to ensure you are in compliance with the very stringent requirements of the PIPA.