Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. New York City s new Tenant Data Privacy Act more than what meets the eye

      Articles

    Article

    New York City s new Tenant Data Privacy Act more than what meets the eye

    July 2, 2021

    LinkedInX (Twitter)EmailCopy URL

    By Christopher Mason

    The Tenant Data Privacy Act (TDPA), applies to the collection, retention, use, and security of biometric data and other personal information in all residential buildings in New York City with three or more dwelling units.

    We have reminded our friends and clients recently about some requirements of the New York SHIELD Act that became effective earlier this year. See, e.g., Don’t forget physical safeguards for data privacy when returning to in-person work. We have also reminded them about the fast-approaching effective date for New York City’s new biometric privacy law for commercial establishments. See, e.g., New York City’s Biometric Privacy Law takes effect on July 9, 2021.

    Just to keep some of you even busier, however, remember that the New York City Council passed yet another privacy law earlier this year that also relates, in part, to biometric privacy. That other new law, the Tenant Data Privacy Act (TDPA), applies to the collection, retention, use, and security of biometric data and other personal information in all residential buildings in New York City with three or more dwelling units.

    The TDPA was passed on April 29, 2021, and deemed returned unsigned by the mayor on June 1. Technically (in a structure that may create headaches for “compliance with all laws” representations in some transactions), the law becomes effective on July 29, 2021, even though liability for violations will not arise until January 1, 2023.

    The way the TDPA works is to: (1) limit the collection of data for “smart access” systems to what such systems require for operation; (2) require consent in advance, in writing or through a mobile application, to the collection of “reference data” and “authentication data” from tenants and visitors; (3) require (with some exceptions) the destruction or anonymization of all “reference data” 90 days after a tenant moves out or a visitor’s access expires, and the destruction or anonymization of all “authentication data” 90 days after it is collected; (4) require providing tenants with a written privacy policy with certain mandatory disclosures; (5) require the maintenance of certain “stringent” data security measures; and (6) forbid almost all sale, lease, or disclosure data to any third party unless the relevant tenant or visitor expressly agrees — in an authorization that identifies that third party by name.

    What are the “reference data” and “authentication data? The first is what you collect first — for example, a name and a picture or fingerprint — to link or refer an identity (a name) to some other data (the picture or fingerprint). The second is what you collect each time thereafter (the picture or fingerprint from an entry camera or scanner) to confirm or authenticate the identity previously established to permit access. But beware: The TDPA is not limited to biometric data. The other data linked to an identity could be something like a passcode instead of a biometric feature. See, e.g., N.Y.C. Admin. Code §§ 26-3001, 3002(a)(6). Thus, the law is potentially broader than many news stories and law firms have recognized. And hidden in one subsection, see id. § 26-3002(f), is a free-standing prohibition on collection of most data about utility services and virtually all data about internet services.

    Luckily, the potentially most-dangerous provision of the new law — a private right of action with compensatory (and possibly punitive) damages, or statutory damages of $200 to $1,000 per occupant, plus attorneys’ fees — does not apply to all violations of the TDPA, but only to the improper sale, lease, or disclosure of occupants’ data.

    What are we helping clients do about this? We are making sure you know to find and secure the data subject to the new law (if you do not know where the data are, you cannot destroy or anonymize the information, for example); are drafting the necessary consents (which can include lease amendments); are updating your privacy policies; and are updating your vendor policies and contracts.

    Practices

    Cybersecurity & PrivacyBiometric Information Privacy Act (BIPA)
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved