Saturday, February 11, 2012

Don't control your condo or homeowner association intellectual property and run the risk losing it or someone else controlling it for you!

All companies, including condo or homeowner associations have Intellectual Property (IP) that should be protected and managed.  In a traditional sense, IP is made up of four classes (Patent, Trademark/™ ®, Copyright/©, and Trade Secret.)  However, in associations there is another type that is just as important, but often "flies under the radar" of BoD leaders -- namely it's information, data, and records.  Losing this information or allowing someone else to take control of it opens you up to a host of undesirable situations, including accidental or intentional disclosure, modification, destruction or inability to process that information.  In simple terms -- it could shut your association down for a lengthy period of time and create a tremendous amount of work to restore it back to a useable condition.

Information is a vital asset for the success of an association, but most leaders do not even realize the extent of inherent risks that they are exposed to in the way that manage personal or other data critical to the operation of their association's business.  They probably have not even given a second thought and only face it when there is a loss, breach, or when they try to change Management Companies.  Consider these worst case scenarios:
  • The association Secretary has all records, blueprints, official correspondence, deed amendments, financial transactions, etc.
    • Manually filed at his/her home.  A fire destroys all documents'.
    • Stored on his/her computer when s/he loses a hard drive or a virus erases all data.
    • Managed by a unique data management software program that s/he has familiarity with.  S/He is removed from the BoD on unfriendly terms and is unwilling to train anyone on the software, making the data inaccessible.
  • The association hosts a website that has personal information of its members (name, address, bank account #, driver license, etc), when someone gains access and perpetrates identity theft.  The association is sued for damages.
  • The association BoD wants to change the current Management Company that uses its own proprietary data management system for all association records.  The MC refuses to turn over data for the term of its contract or the information is rendered useless unless you continue to use their system and services.
  • The association BoD decides to "bite the bullet" and go with another on-line data management system.  It now has to train, familiarize, and deal with all the start-up issues associated with its 2,000 member community that uses the system for all its daily operations.
Consider the cost of replicating the data that was lost in these situations!  It is huge and can bring an association to its knees.  Just ask someone whoever has lost their computer hard drive -- it only happens once, as the consequences are so severe that they put back up systems in place to protect their data from similar occurrences in the future.
So, what should an association do to get their arms around their IP?
  1. Go electronic.  If your association has not already converted its records to electronic form, do not wait any longer.  There are simply too many benefits to be gained.  All the association’s records should be stored in electronic form to save space and money drain and to allow you to take additional security measures to protect it.  You should begin to transition to electronic transactions with members, vendors, service providers as your organization matures and technology becomes readably available.  You should also transition to paperless access for all members and operate on a member "pull" system to extent possible.
  2. Select the Method of Storing/Accessing Your Electronic Data.  Determine how and where you will store your electronic data. This is an extremely important decision and you should approach it as if you are selecting a life-time provider, particularly if you use a website or on-line database storage provider.  There are too many negative implications for you to fall into the start-stop-start ditch of switching between providers or method of storage.  Make sure that you always own your data; you have complete control of how and where you store/access it, and NEVER outsource it or give control to someone else.  To a large extent, this decision will be dependent upon the size of your association, whether you are self-managed or use a Management Company and your level of IT expertise and/or availability.  Here are some of the main options you could consider:
    • Computer hard drive or disk.  This method would likely be used by a small association to store its historical records and may involve the use of off-the-shelf programs (QuickBooks, Excel, Adobe, etc) to help manage certain aspects of the association business.  The information is normally available to the person entering the data and cannot be directly accessed by association members.  Data security should be provided by regular back-ups and storage in different locations.
    • Association website.  This can be a very attractive alternative to small to medium associations and involves the on-line storage/access of data through an independent website provider.  A designated person maintains the website and keeps all of the data current.  Association members can assess the data on-line with the use of their computer or a hand-held device.  Security is very good as the provider regularly backs up the data and stores it in multiple locations.  Costs are minimal.
    • On-line database storage provider.  This becoming a more and more attractive options for all sizes of associations, as the offerings by different providers continues to grow.  They have all the advantages of a website, but can also include a multitude of features and options that go well beyond simple website storage and retrieval functionality.  Things like personal data management, automatic payment, resident surveys, move-in move-out forms, amenity and facility management, discussion forums, work order requests, email accounts, contractor management, access control, for sale/rental management, package delivery and tracking, etc., to name a few.  Costs are moderate and security is excellent.   If you are considering a service such as this, make sure you do your homework and again approach it as you were selecting a life-time partner.
    • Management Company.  Large associations (and some smaller ones) are likely to use the services of a Management Company to help them manage the day-to-day activities.  Most MC's will have a preferred method of data management and many have their own propriety system or partnerships with other service providers.  It is here that I wish to raise a BIG RED FLAG.  "NEVER, EVER GIVE UP CONTROL OF HOW AND WHERE YOUR ASSOCIATION DATA IS STORED AND ACCESSED TO A MANAGEMENT COMPANY!"  If you do, you could very well lock yourself into a continuation of those MC services into the future or having to reconstruct data that is not compatible or available, for a multitude of reasons.  It is up to the Association BoD to select an independent data management system (or provider) and then require any Management Company or other service provider to use that system as a condition of employment.   Other precautions you could take with a MC to protect your data would be to include a clause in the contract that:
      • Assures complete ownership and unfettered access to your data at all times
      • States that the association data is the property of the association and returnable upon demand
      • Requires the MC to provide "back up" copies of financial and other records on a CD upon request or on a regular basis.
  3. Set up the necessary security systems.  A risk management plan should be developed for the association that addresses such issues as data security (personal and association), disaster recovery, meeting any laws requiring record retention and availability, and back-up procedures.
In summary, condo and homeowner associations that do not have their own independent data management system for its processes, procedures or records leave themselves in a venerable position.  They run the risk of losing their data and having to reconstruct it or becoming hostage to someone else who has taken over control of how their data is stored and accessed.  A wise association BoD will recognize this and take the necessary steps to protect this data and proactively manage this very important asset called their intellectual property.