Large HOAs need secure online presence
Q: Is there a Nevada statute that requires homeowners associations of a certain size to have and maintain an online presence, that is, a website? If yes, what information needs to be accessible on the site?
A: Nevada Revised Statutes 116, which pertained to the establishment and maintenance of internet websites or electronic portals, including the payment of assessments electronically, was amended. NRS 116.31069 states that each association that contains 150 or more units shall establish and maintain a secure internet website or electronic portal that may be assessed by the unit owner. The website or within the electronic portal are to make available any documents relating to the association, including without limitation the following: governing documents; most recent copy of the covenants, conditions and restrictions; annual budget and any proposed budget; notices and agendas of upcoming meetings; and any other documents required by law or regulation.
Associations that contain fewer than 150 units are encouraged but not required to establish and maintain internet websites or electronic portals.
The internet websites or electronic portals established for those associations of 150 units or more must provide unit owners the ability to pay assessments electronically.
In a previous column, Las Vegas attorney Adam Clarkson included the following information, which I have added in response to the homeowner’s question:
Pursuant to Senate Bill 378, which was adopted this session and went into law earlier this year, entities processing homeowner payment transactions are now required to maintain a minimum of $5 million dollars in cyber security insurance “that provides coverage for losses arising out of or relating to data breaches, unauthorized intrusions into an information system, computer viruses, ransomware, identity theft and similar exposures.” In most cases, this will be a non-issue for large banks that are already insured for these issues and are handling the transactions. However, any person or entity not so insured will be precluded from engaging in the business of handling homeowners’ personal information related to owners’ online HOA payments. Also, associations offering online payment services, even when offered through a portal that is ultimately processed by a well-insured bank, must also maintain certain minimum cyber insurance amounts to protect the HOA and its members from any cyber theft related claims.
Not only does SB 378 impose cyber insurance requirements for persons processing homeowners’ payments online, but it also expressly imposes data protection requirements. Notably, SB 378 imposes the protection for personal information requirements of NRS 603A.010 to 603A.290 upon HOA online assessment payment processors. What does that mean? It means that HOA payment processors must utilize special encryptions and other data protection methodologies to protect information provided to them, like homeowners’ bank account numbers, credit card numbers, user names, and unique identifiers, including passwords combined with emails.
If your HOA offers an online payment portal for assessment payments, will you be able to pay online after you have been sent to collections for delinquent payments? No. HOAs are required to suspend access to online payment portals once a homeowner has been sent to a third-party collection company. Of course, this will not impact owners who make their payments on time or a little late.
What about homeowner documents and information other than payment processing, is that protected by SB 378? Yes. A prior law passed in 2021, albeit well-intended, needlessly exposed a litany of homeowners’ private information by forcing HOAs to provide internet access to such information without any provisions for cyber security or cyber insurance. SB 378 eliminated the requirements for HOAs to maintain homeowners’ private data on hackable websites.
Instead, SB 378 allows HOAs to make proper business decisions as to whether they are able to maintain online access to homeowners’ confidential information. This change will have virtually no impact on Nevada homeowners that will be discernible from the information and services owners are accustomed to accessing with their HOA, but it has eliminated a palpable cyber security risk for unsuspecting homeowners who were in HOAs that were not going to be able to securely comply with state-mandated online information requirements.
Barbara Holland, CPM, is an author, educator and expert witness on real estate issues pertaining to management and brokerage. Questions may be sent to holland744o@gmail.com.