NEW PRIVACY PROTECTIONS FOR NYC TENANTS
On May 28, 2021, New York City passed a law to protect tenants’ data from being misused by landlords and their property managers.
Known as the Tenant Data Privacy Act (TDPA), this new statute targets multiple-dwellings -- those buildings with three or more families living independently of each other -- that use smart-access systems (like key cards, phone apps, fingerprints, etc.) at entry points. Manhattan Democrat, Mark Levine, who was the bill’s sponsor, cited privacy concerns as the reason why he introduced the legislation in the City Council. “Every tenant has the right to know what data is being collected by their landlords and should feel secure that that data can not be used against them,” said Levine in a statement.
Among other things, owners must soon provide tenants with a privacy notice and obtain their express consent to the use of any smart access systems. Owners are also required to establish clear data collection and retention protocols and must ensure that information is not sold, leased, disclosed or otherwise shared, unless requested by a court or if the tenant grants permission. When a tenant moves out, their data is to be removed, anonymized, or destroyed within 90 days. For each violation, property owners could face a fine of up to $6,000.
Effective August 1, the law will apply to buildings that install smart access systems in that month, or any time thereafter. Buildings that already have smart access systems will have 18 months (i.e., until Jan 1, 2023) to comply with these requirements.
“Should be interesting to see how the implementation of this law unfolds,” said Jonathan H. Newman, the founding partner of Newman Ferrara LLP, a Manhattan real-estate, civil rights and civil litigation law firm. “We suspect that non-compliant owners will face considerable class-action exposure,” Newman added.
Should you believe your privacy rights have been violated, do not hesitate to contact one of our attorneys at 212-619-5400.