As of September 1, 2018, common interest communities and management companies are now required to maintain a written policy to comply with the new consumer data privacy law. Details surrounding the law can be found here. https://dupontlawco.com/house-bill-18-1128-the-consumer-data-privacy-law-are-you-in-compliance
Essentially, the required policy needs to address the protection, disposal and data security breaches relating to personal identifying information. This includes information such as social security numbers, passwords, biometric data and other protected, sensitive data.
If you have not already adopted the required policy, please contact The Dupont Law Firm for preparation of the policy at a reasonable cost. Since the penalties for non-compliance can be substantial, it is recommended that common interest communities adopt the requisite policy as soon as possible.