§ 26-3004.
AC § 26-3004
a. The owner of a smart access building, or an agent thereof, must provide to tenants a written policy in plain language that describes, at a minimum, the following information if it is not included in the privacy policy described in subdivision b: 1. the data elements to be collected by the smart access system; 2. the names of any entities or third parties the owner will share such data elements with, and the privacy policies of any such entities or third parties; 3. the protocols and safeguards the owner will provide for protecting such data elements; 4. the retention schedule of such data; 5. the protocols the owner will follow to address any suspected or actual unauthorized access to or disclosure of such data elements, including notification of users; 6. guidelines for permanently destroying or anonymizing such data or removing such data from the smart access system; and 7. the process used to add and remove persons who have provided written consent on a temporary basis to the smart access system. b. The owner of a smart access building, or an agent thereof, shall make available to tenants any written privacy policy of the entity that developed the smart access system utilized in such building, or any written privacy policy of the entity that currently operates the smart access system utilized in such building. (L.L. 2021/063, 5/30/2021, eff. 7/29/2021) Editor's note: For related unconsolidated provisions, see Appendix A at L.L. 2021/063.
