Personal Information Concerns with Surveillance Systems
Surveillance systems (e.g., security cameras) can pose privacy concerns if personal information is improperly collected, stored, or disclosed.
WHAT YOU'LL LEARN
Personal Information Concerns with Surveillance Systems
Addressing Unit Owner Privacy Concerns
Developing a Personal Information Retention and Disposal Policy
Personal Information Concerns with Surveillance Systems
Surveillance systems (e.g., security cameras) can pose privacy concerns if personal information is improperly collected, stored, or disclosed. Condominium corporations must ensure compliance with the Personal Information Protection Act (PIPA) when installing and managing surveillance systems.
An organization must notify an individual that their personal information is being collected through a surveillance system and state the purpose for the collection.
An organization may collect personal information only for purposes that are reasonable.
The organization must make reasonable security arrangements to protect personal information against unauthorized access, use, disclosure, or destruction.
Specific Concerns
Lack of notice: Individuals may not know they are being recorded.
Purpose limitations: Surveillance must only collect information necessary for security purposes.
Unauthorized access and disclosure: Footage must be protected against misuse.
Scenario Analysis:
Scenario: A condominium corporation installs cameras in a common area but fails to notify residents about the surveillance.
Question: Does this comply with PIPA requirements?
Answer: No. PIPA requires the organization to notify individuals about the collection of personal information and the purpose of the surveillance.
Addressing Unit Owner Privacy Concerns
Unit owners may raise privacy concerns about how their personal information is collected, stored, and accessed. Condominium corporations must follow PIPA guidelines when responding to these concerns.
An individual has a right of access to their personal information that is in the custody or under the control of an organization.
An organization must respond to an individual’s request for access within 45 days unless an extension is granted in accordance with this Act.
An individual may request corrections to their personal information if they believe it to be inaccurate.
Steps to Address Privacy Concerns
Access Requests:
Unit owners can request access to their personal information held by the corporation.
The corporation must ensure access is provided within 45 days unless an extension is required.
Corrections:
Unit owners may request corrections to inaccurate personal information.
The condominium corporation must update the records if the correction request is reasonable.
Complaint Resolution:
If a unit owner believes their privacy rights have been violated, they may submit a complaint to the condominium corporation or escalate it to the Office of the Information and Privacy Commissioner of Alberta (OIPC).
Practical Exercise:
Task: Review a unit owner’s privacy concern (e.g., a request to access surveillance footage or correct their contact information). Draft a response that complies with PIPA requirements.
Developing a Personal Information Retention and Disposal Policy
Condominium corporations must create and implement policies for retaining and securely disposing of personal information, such as resident records, surveillance footage, and financial information.
An organization must retain personal information only for as long as it is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes.
An organization must destroy or anonymize personal information once it is no longer required for legal or business purposes.
An organization must make reasonable security arrangements to protect personal information against unauthorized access, collection, use, disclosure, or destruction.
Steps to Create a Retention and Disposal Policy
Retention Periods:
Define how long specific types of personal information will be retained (e.g., financial records for 7 years).
Secure Storage:
Ensure personal information is stored securely to prevent unauthorized access (e.g., password-protected databases, locked filing cabinets).
Disposal Methods:
Use secure methods to destroy personal information, such as shredding physical documents or permanently deleting digital files.
Policy Template
Example Policy:
Retention Period:
Financial records will be retained for 7 years as required by Alberta law.
Surveillance footage will be retained for 30 days unless required for an investigation.
Disposal:
Shred paper documents containing personal information.
Permanently delete digital records after the retention period has passed.
Creative Task:
Draft a retention and disposal policy for unit owner records and surveillance footage. Include details about retention timelines, secure storage, and destruction methods.
