CHOICE membership

Privacy Laws Governing Fob Keys

digital-privacy

#1

I live in an apartment block that has small round fob keys that tenants use for all access in the building. Thing is my old work place had card swipes which were checked weekly by the boss to keep tabs on time we got to work etc. l can not find anything regrading the access and use of mine and others movements in the building and I’m concerned who has this data.


#2

Blocks are normally governed by a body corporate, and most body corporates (but not all) hire professional managers rather than do it themselves. The building manager or member of the body corporate should be able to provide your answer.


#3

Hi The BBG
Thank you l am not cerain if the managers of the apartment complexes have access to the data or the security company that would govern this due to safety issues

I do know that some work places have access to staff fob key data and security cameras.

However in saying that IT or Security would provide that information to management on request.

In my case where l live, the on site staff have access to security cameras directly. I assumed staff who were given that sort of power would have access to the fob data.
The Fob Data is accessable remotely via a security company and also can be assessable via a computedr.
Last year my door was not locking properly and a security service came and serviced it without me asking which l didnt mind l received tne appropriate notice.

Because their doesnt seem to be laws or guidlines pertaining to Fob data. Where l live everything is under the privacy act which is not upto date with Fob data.

Im not by no means suggesting that staff are deliberating abusing tennants privacy either.

But l hope both state and federal governments address this issue by securing fob privacy for consumers or employeex. I cant recall see anything , in the tenacy act 1997…


#4

The fob is not special, it is ‘just another security device’ in many ways.

Perhaps this link will be helpful for you although it does not address your specific concerns. The OAIC site has other pages that could be more useful.

https://www.oaic.gov.au/individuals/faqs-for-individuals/law-enforcement-surveillance-photos/what-can-i-do-about-my-neighbour-s-security-camera

The bottom line problem is that ‘your’ security system is a contract between your block’s body corporate (eg the owners or management group) and a security company. That contract should specify exactly what is recorded, how it is maintained and for how long, and what if any policies are in place to reveal it to 3rd parties including law enforcement as well as how it is secured from unauthorised access.

Privacy laws such as they are focus on ‘others’ while your block is ‘you’, if that makes sense, so ‘you’ have direct control (although it is not really direct, it is through the management and the security contract).


#5

We have a fob key access system to our buildings garage but it’s only a dumb terminal connected directly to the door opener. There’s no data collected it just opens the door if the code on the tag fits the range. Some of theses devices are very insecure and the code can be read using an App and the NFC function on a phone. Some of the fobs can be copied and the NFC function used to control the opener. Key fob encoders can be bought on eBay from $20. These have to be treated as a very basic form of security, I’d be asking the building manager or body corporate about just how secure the tags are.


#6

Thanks for the feed back and link I’ve used them both. But it’s still a question not answered


#7

Thanks for the link and feed back it helps but can’t find the answers yet


#8

As @TheBBG wrote the Body Corporate (BC) Managers (if the BC has hired them) should have this policy and be able to give you this data. The on-site managers may not have a copy of this policy but they are likely to be employed by the BC or the BC Managers who will have a copy.

Write a letter/email to the Body Corporate (BC) asking for a copy of their Privacy Policy (send a similar letter/email to the security company and the BC Manager). This Policy would include the list of what details are retained. One or more of these parties should respond to your request, the policy/list as it contains no actual user data will not be a breach of the privacy laws (and should normally be provided), if you require what actual data they have on you then you should also put this request in the letter/email.

If they do not respond to the request re your personal data or their Privacy Policy you may be able to make contact with The Office of the Australian Information Commissioner (OAIC) if the Security and or Management Company have turnovers of more than $3 million a year (there are several large management ones that do most BC management and fit this criteria of the turnover limit). OAIC may then investigate and make a decision if you are to get access to the data. If the Management or Security Company do not meet these limits/requirements (see the links to the OAIC fact sheet below) you may be able to make a complaint to your State/Territory Administrative Tribunal to see if you can get that information.

Fob usage data, if it contains personal information about you, is covered under the Australian Privacy Principles (APP) already. The OAIC are only able to act if the requirements of the APP to make the businesses what they term “APP entities” are met. See the following links for a more detailed explanation of the APP and the processes that are required:

https://www.oaic.gov.au/agencies-and-organisations/faqs-for-agencies-orgs/businesses/small-business

https://www.oaic.gov.au/individuals/privacy-fact-sheets/general/privacy-fact-sheet-17-australian-privacy-principles