Privacy is a primary concern in this day and age when all our necessary information are stored in some cloud application or the other. Phone numbers linked to bank accounts, several apps with access to our phone devices, it is imperative to ensure, no matter where we submit our data, it is safe.
Oftentimes, we skim through the terms and conditions of the privacy document of the businesses to whom we submit our personal data. Despite being aware of the risks of data theft and its disastrous personal consequences, we freely submit our data to businesses or other organisations that might require them.
With the world increasingly getting dependent on digital administration, the government’s involvement becomes inevitable. With that in mind the Personal Data Protection Commission of Singapore has released a list of advisory guidelines for Management Corporations. It lists in detail the rules to follow to protect the resident data of their condominium properties safe. It also discusses the protocols involved to release resident data to a third party when necessary. The guidelines are detailed in their explanation of what incidents can be considered as a breach of data privacy by the Management Corporations.
Table of Contents
Why Is This Important?
Slowly but surely, condominium management is joining the digital wagon. With more and more people looking for affordable housing, condos are hot cakes in the real estate market. With the boom of the condominium culture, condominium management has become an industry of its own. With the increasing number of units in their kitty, dependence on a manual system is increasingly proving inconvenient, unwieldy and inefficient.
Condominium management software in the market eases the work of Managing Agents and MCSTs. However, they require the data of residents to create a streamlined automated support system in managing the condominium community. Condominium management software usually provides automated billing/accounting modules, facility booking and visitor management system. Hence, it is important to know whether or not the MA is following the principles of the PDPC in choosing a software compliant with the data safety principles.
Is ADDA PDPC compliant?
This is better answered by discussing how ADDA works its different modules while protecting the data of every user.
Compliance with Section 2.2 of the PDPA
According to Section 2.2 of the PDPA, the MCSTs have to collect personal information like name, address and NRIC/FIN numbers of the subsidiary proprietors to compile a strata roll as well as ease several official procedures. ADDA requires names, unit numbers, email addresses of the residents who are added to the database. Resident data is only visible to the Admin, who is either an MCST or MA member. Residents are aware of the data submitted to ADDA to enable the transition from the present managing system to a digitised managing system. This data is not visible to other community members, even if they are next door neighbours. To ensure absolute data privacy of individuals, ADDA even gives the feature of a chat directory inbuilt in the app where residents can talk to each other through the app without sharing any personal details.
Compliance with Section 2.3 of the PDPA
Section 2.3 of the PDPA stresses on the value of consent to release subsidiary proprietor data to any third party. BMSMA do not require the phone numbers to be collected as a part of strata roll compilation. However, if any MCST or MA chooses to do it for faster communication, they must seek prior consent from the subsidiary proprietors for the collection of such data. They are also to be duly informed about the purpose for which the data is needed. With ADDA, the subsidiary proprietors need only to submit their email addresses. They are prompted to submit their phone numbers through the app. They are informed of all terms and conditions and the app seeks prior consent regarding the possible usages of the phone number.
Compliance with Section 2.4 of the PDPA
In a condominium, it often becomes necessary to talk to neighbours for various reasons ranging from connected repair issue or for community activities. With ADDA, this communication can be done entirely while protecting every data. Subsidiary proprietors can participate in group discussions regarding all condominium topics through Conversations. Neighbors can also share community pictures in Album for every subsidiary proprietor’s reference. Even decision making is transparent with ADDA with subsidiary proprietors having the choice to vote on important decisions through Polls. Neighbours can even plan activities with like minded folks through Groups. All this without disclosing a single personal information to any other parties.
Compliance with Section 2.5 of the PDPA
In the present circumstances the MA is a data intermediary. However, there is no guarantee of data protection. Still majorly dependant on manual data storage, subsidiary proprietor data is still at risk of being misused. With such a manual system in place, it also gets difficult to track the procedures involved in being PDPA compliant. With ADDA, all data is protected in the cloud ensuring there’s no breach. They aren’t accessible without Admin access. The ADDA Admin is always an individual or individuals who have been given the necessary permissions by subsidiary proprietors to collect their personal information. Therefore, the ADDA Moderator, can be the Data Protection Officer themselves or the responsibility of delegating the function can be given to the MA. ADDA itself has strict data privacy protocols in place and signs an agreement to that effect with stakeholders.
Compliance with Sections 3.1 and 3.3 of the PDPA
Manual publication of voter list on Notice Boards makes data available to individuals other than condo residents. With ADDA, this disclosure can be taken a notch ahead by publishing the voter list in the online notice board, ensuring data is only available to the subsidiary proprietors. Similarly, the minutes of all meetings can also be circulated through ADDA ensuring privacy regarding the condominium administration is taken care of.
Compliance with Sections 3.15, 3.16, 3.18, 3.21 and 4.2 of the PDPA
The above sections deal with data privacy with respect to visitor management. Manual ledgers in security kiosks at the condominium gates are under the constant threat of being misused or arbitrarily infiltrated. With ADDA, this risk is cut off. Guards cannot add any extra field to visitor log details. The visitor management tab only requires date to be filled up. ADDA’s Incident Investigator works with double password authentication to increase security against data leakage. All other personal details are duly masked in Incident reports. With ADDA implementation, the condominium community complies with PDPA’s suggestions of bringing visitor management to electronic medium. With ADDA, the hassle of open log books and registers exposing visitor data is entirely taken out of the equation. The process of “deemed consent” is duly followed by ADDA to collect phone numbers or email addresses to issue access cards where needed. This set-up is also compliant with Section 3.22 and can be used to send condominium newsletters to residents. ADDA also follows data retention limitation obligation. No visitor or financial data is stored beyond a limit of 5 years.
Data protection is important. Data Privacy is the right of every individual. ADDA understands the importance of data protection and data privacy of all the stakeholders involved. ADDA has been designed keeping in mind all the qualms about data protection and therefore, succeeds in checking all the points necessary to be PDPA compliant.
