We are living in a paradoxical period, marked by the dazzling progress of computer technologies, the dematerialization of data, artificial intelligence, and their intrusion into all aspects of our lives. More than ever, people are posting on social networks and talking about their most recent outings, vacations or acquisitions, when not blabbering about their moods. Regardless, privacy remains a fundamental right that must be protected, sometimes against us.
Thus, any company that collects, stores and discloses personal information in the course of its business – including syndicates of co-owners – must take measures to protect the personal data collected, whether it is about their customers, suppliers, employees and, in the case of syndicates of co-owners, the latter. However, there is an additional difficulty in divided co-ownership, namely the obligation for administrators to keep a register of co-ownership that necessarily contains personal information and must be accessible to the co-owners. It's hard to reconcile all that.
The Act defines "personal information" as "any information that relates to a natural person and directly or indirectly identifies that individual." The (non-exhaustive) list is extensive. It includes the first and last name; physical, email and IP addresses; telephone numbers, as well as social insurance, health insurance, driver's license, license plates, bank accounts, debit and credit card numbers, date of birth, marital status, national or ethnic origin; mortgage and insurance information; criminal records (if applicable); information regarding the state of health or disability; fingerprints, physical traits, DNA; biometric data, such as voice, image capture, facial recognition, and even geolocation.
A large amount of personal data is necessarily collected by syndicates of co-owners, and many are found in the co-ownership register, which is mandatory and accessible to co-owners, including the names and addresses of the co-owners and the minutes of meetings. It should be noted that article 1070 of Code Civil code Quebec specifies that the co-ownership register "may also contain other personal information concerning a co-owner or other occupant of the immovable, if the latter expressly consents to it." Without such express consent, however, syndicates are in fact forced to keep more than one register. First, the one containing the documents and information mentioned in the said article, and another containing personal data that is essential and related to the affairs of the syndicate, but which must be protected, such as the banking information of the co-owners. And if documents accessible in the condominium register (a meeting minutes, for example) contain personal information that must be protected, we believe that the syndicate should prioritize the protection of personal information, rather than the right of access, for example by redacting the personal data that must be protected.
Incidentally, article 1068.2 of Code Civil code Quebec provides that a promising purchaser may ask the board of directors to provide him with "documents or information concerning the immovable and the syndicate that are likely to enable him to give informed consent". However, this provision adds that "the syndicate shall, subject to the provisions relating to the protection of privacy, provide them with due diligence". This shows the importance that must be attributed to the concept of personal information. We would also like to take this opportunity to reiterate that the minutes of a meeting of co-owners should not record all the words and opinions that were expressed at the meeting, nor should they identify the people who said them. The essence of a record is to indicate the topics discussed and the decisions made. This can be done by remaining neutral, without mentioning any names of co-owners. The same applies to attendance at the meeting, which can be attested by unit numbers alone, specifying whether it is a physical presence or represented by proxy.
As of September 22, 2022, every business (i.e., every syndicate of co-owners) must have designated a person responsible for the protection of personal information. For syndicates of co-owners, this is a member of the board of directors, whose contact information must be accessible, especially to co-owners. This person must take reasonable and appropriate steps to restrict or eliminate the risk of breach of confidentiality. Moreover, since September 22, 2023, each syndicate must also have established a clear policy regarding the management of personal information collected and make it public. This policy must cover the collection and retention of this information as well as the handling of incidents of breach of confidentiality or access requests, as well as a procedure for the destruction (or anonymization) of personal data, at the end of its usefulness.
When a syndicate of co-owners uses a computer data storage system or does business with an Internet and telephone service provider or a manager to whom it transmits the personal information of the co-owners, a mechanism for the protection of these transfers and data processing must be provided for in the contracts, as well as for the management of incidents and the delivery or destruction of information, at the end of the period of use.
In addition, as an employer, the syndicate must establish a specific register of its employees, where the information collected, from the time of hiring or even before hiring (resumes, psychometric tests, criminal history, etc.) must be protected. This protection must be provided throughout the duration of the employment and sometimes even beyond the termination of the employment, for example in the case of non-competition and/or non-solicitation obligations.
The implementation of these privacy provisions poses a daunting challenge for directors of condominium corporations. Nevertheless, you must absolutely take care of it because contentious situations will necessarily arise, in addition to the fact that the law provides for considerable administrative and financial penalties, in the event of non-performance or fault.
Richard LeCouffe, Lawyer
Chronic express the personal opinions of the author and in no way engage the responsibility of the site editor , CondoLegal.com Inc. The content and opinions expressed in a column are those of the author.