Skip to code content (skip section selection)
Compare to:
New York City Overview
The New York City Charter
NEW YORK CITY CHARTER
The New York City Administrative Code
NEW YORK CITY ADMINISTRATIVE CODE
Title 1: General Provisions
Title 2: City of New York
Title 3: Elected officials
Title 4: Property of the City
Title 5: Budget; Capital Projects
Title 6: Contracts, Purchases and Franchises
Title 7: Legal Affairs
Title 8: Civil Rights
Title 9: Criminal Justice
Title 10: Public Safety
Title 11: Taxation and Finance
Title 12: Personnel and Labor
Title 13: Retirement and Pensions
Title 14: Police
Title 15: Fire Prevention and Control
Title 16: Sanitation
Title 16-A: [Commercial Waste Removal]
Title 16-B: Commercial Waste Zones
Title 17: Health
Title 18: Parks
Title 19: Transportation
Title 20: Consumer and Worker Protection
Title 20-A: [Shipboard Gambling]
Title 21: Social Services
Title 21-A: Education
Title 22: Economic Affairs
Title 23: Communications
Title 24: Environmental Protection and Utilities
Title 25: Land Use
Title 26: Housing and Buildings
Chapter 1: Department of Buildings [Repealed]
Chapter 2: Relocation Services
Chapter 3: Rent Control
Chapter 4: Rent Stabilization
Chapter 5: Unlawful Eviction
Chapter 6: Increase of Rentals
Chapter 7: Rent Increase Exemption for Low Income Elderly Persons and Persons with Disabilities
Chapter 8: Cooperative and Condominium Conversions
Chapter 9: Right of First Refusal and First Opportunity to Purchase
Chapter 10: Housing Development Project Reporting Requirements
Chapter 11: Housing Information Guide for Tenants and Owners
Chapter 12: Improperly Conditioning Residential Occupancy on Medical Treatment
Chapter 13: Provision of Legal Services in Eviction Proceedings*
Chapter 13: Certification of Certain Rent Payment*
Chapter 15: Audits for Compliance with 421-a Tax Exemption Affordability Requirements
Chapter 16: Audits for Compliance with 421-a Tax Exemption Rent Registration Requirements
Chapter 17: Periodic Reports on Inclusionary Housing Programs
Chapter 18: Housing Portal
Chapter 19: City-Owned Vacant Property That May Be Suitable for the Development of Affordable Housing
Chapter 20: Community Land Trust Regulatory Agreements
Chapter 21: Affordable Housing Plan Report*
Chapter 21: Short-Term Residential Rentals*
Chapter 22: Expiring Affordable Housing
Chapter 24: Buyout Agreement Filing Requirements
Chapter 25: Audits of Certifications of Correction
Chapter 26: Affordable Housing Placements
Chapter 27: Mitchell-Lama Development Reporting Requirements
Chapter 28: Set Asides in Housing Development Projects for Homeless Individuals and Families
Chapter 29: Consumer Credit History
Chapter 30: Tenant Data Privacy
§ 26-3001 Definitions.*
§ 26-3002 Data collection.*
§ 26-3003 Prohibitions.*
§ 26-3004 Privacy policies.*
§ 26-3005 Security measures and safeguards.*
§ 26-3006 Private right of action.*
§ 26-3007 Education efforts.*
Chapter 31: Registration Requirements for Short-Term Rentals
Chapter 32: Requirements for Booking Services with Respect to Short-Term Rentals
Chapter 33: Enforcement of Zoning Resolution Provisions Related to Eligibility Requirements Regarding the Development, Acquisition, Rehabilitation, Preservation, Sale or Rental of Affordable Housing Administered by the Department*
Chapter 34: Fees Associated with Vacating a Premises
Chapter 35: Universal Design Units
Title 27: Construction and Maintenance
Title 28: New York City Construction Codes
Title 29: New York City Fire Code
Title 30: Emergency Management
Title 31: Department of Veterans' Services
Title 32: Labor and Employment
Title 33: Investigations
Title 34: Racial Equity
Appendix A: Unconsolidated Local Laws
The Rules of the City of New York
THE RULES OF THE CITY OF NEW YORK
Title 1: Department of Buildings
Title 2: Board of Standards and Appeals
Title 3: Fire Department
Title 6: Department of Consumer and Worker Protection
Title 9: Procurement Policy Board Rules
Title 12: Franchise and Concession Review Committee
Title 15: Department of Environmental Protection
Title 16: Department of Sanitation
Title 17: Business Integrity Commission
Title 19: Department of Finance
Title 20: Tax Appeals Tribunal
Title 21: Tax Commission
Title 22: Banking Commission
Title 24: Department of Health and Mental Hygiene
Title 25: Department of Mental Health and Retardation [Repealed]
Title 28: Housing Preservation and Development
Title 29: Loft Board
Title 30: Rent Guidelines Board
Title 31: Mayor's Office of Homelessness and Single Room Occupancy
Title 34: Department of Transportation
Title 35: Taxi and Limousine Commission
Title 38: Police Department
Title 38-A: Civilian Complaint Review Board
Title 39: Department of Correction
Title 40: Board of Correction
Title 41: Department of Juvenile Justice
Title 42: Department of Probation
Title 43: Mayor
Title 44: Comptroller
Title 45: Borough Presidents
Title 46: Law Department
Title 47: Commission on Human Rights
Title 48: Office of Administrative Trials and Hearings (OATH)
Title 49: Department of Records and Information Services
Title 50: Community Assistance Unit
Title 51: City Clerk
Title 52: Campaign Finance Board*
Title 53: Conflicts of Interest Board
Title 55: Department of Citywide Administrative Services
Title 56: Department of Parks and Recreation
Title 57: Art Commission
Title 58: Department of Cultural Affairs
Title 60: Civil Service Commission
Title 61: Office of Collective Bargaining
Title 62: City Planning
Title 63: Landmarks Preservation Commission
Title 66: Department of Small Business Services
Title 67: Department of Information Technology and Telecommunications
Title 68: Human Resources Administration
Title 69: Department of Aging
Title 70: In Rem Foreclosure Release Board
Title 71: Voter Assistance Commission
Title 72: Office of Emergency Management
Title 73: Civic Engagement Commission
Title 74: Community Hiring
Chapter 30: Tenant Data Privacy
§ 26-3001 Definitions.*
* Editor's note: there are two sections designated as § 26-3001.
As used in this chapter, the following terms have the following meanings:
   Authentication data. The term "authentication data" means the data generated or collected at the point of authentication in connection with granting a user entry to a smart access building, common area or dwelling unit through such building's smart access system, except that it does not include data generated through or collected by a video or camera system that is used to monitor entrances but not grant entry.
   Biometric identifier information. The term "biometric identifier information" means a physiological, biological or behavioral characteristic that is used to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan; (ii) a fingerprint; (iii) a voiceprint; (iv) a scan or record of a palm, hand or face geometry; (v) gait or movement patterns; or (vi) any other similar identifying characteristic.
   Dwelling unit. The term "dwelling unit" has the same meaning as in section 27-2004 of the housing maintenance code.
   Minor. The term "minor" means a person under the age of 18 years, except a person over the age of 15 years who is married, a parent, serving in the military, or has been found financially independent by a court order.
   Multiple dwelling. The term "multiple dwelling" has the same meaning as in section 27-2004 of the housing maintenance code.
   Owner. The term "owner" has the same meaning as in section 27-2004 of the housing maintenance code.
   Reference data. The term "reference data" means the information against which authentication data is verified at the point of authentication by a smart access system in order to grant a user entry to a smart access building, dwelling unit of such building or a common area of such building.
   Smart access building. The term "smart access building" means a class A multiple dwelling, as such term is defined in section 27-2004 of the housing maintenance code, that utilizes a smart access system.
   Smart access system. The term "smart access system" means any system that uses electronic or computerized technology, a radio frequency identification card, a mobile phone application, biometric identifier information, or any other digital technology in order to grant entry to a class A multiple dwelling, common areas in such multiple dwelling or to an individual dwelling unit in such multiple dwelling.
   Third party. The term "third party" means an entity that installs, operates or otherwise directly supports a smart access system, and has ongoing access to user data, excluding any entity that solely hosts such data.
   User. The term "user" means a tenant of a smart access building, and any person a tenant has requested, in writing or through a mobile application, be granted access to such tenant's dwelling unit and such building's smart access system.
(L.L. 2021/063, 5/30/2021, eff. 7/29/2021)
Editor's note: For related unconsolidated provisions, see Appendix A at L.L. 2021/063.
§ 26-3002 Data collection.*
* Editor's note: there are two sections designated as § 26-3002.
   a.   An owner of a smart access building or third party may not collect reference data from a user for use in a smart access system except where such user has expressly consented, in writing or through a mobile application, to the use of such smart access building's smart access system. Such owner or third party may collect only the minimum amount of authentication data and reference data necessary to enable the use of such smart access system in such building, and may not collect additional biometric identifier information from any users. Such smart access system may only collect, generate or utilize the following information:
      1.   the user's name;
      2.   the dwelling unit number and other doors or common areas to which the user has access using such smart access system in such building;
      3.   the user's preferred method of contact;
      4.   the user's biometric identifier information if such smart access system utilizes biometric identifier information;
      5.   the identification card number or any identifier associated with the physical hardware used to facilitate building entry, including radio frequency identification card, bluetooth or other similar technical protocols;
      6.   passwords, passcodes, user names and contact information used singly or in conjunction with other reference data to grant a user entry to a smart access building, dwelling unit of such building or common area of such building through such building's smart access system, or to access any online tools used to manage user accounts related to such building;
      7.   lease information, including move-in and, if available, move-out dates; and
      8.   the time and method of access, solely for security purposes.
   b.   An owner of a smart access building and any third party shall destroy any authentication data collected from or generated by such smart access system in their possession no later than 90 days after such data has been collected or generated, except for authentication data that is retained in an anonymized format.
   c.   Reference data for any tenant who has permanently vacated a smart access building shall be removed, or anonymized where removal of such data would render the smart access system inoperable, from the smart access system no later than 90 days after such tenant has permanently vacated such building. Reference data for any user that has been granted access to such tenant's dwelling unit and is not a tenant of such smart access building shall be removed, or anonymized where removal of such data would render the smart access system inoperable, from the smart access system no later than 90 days after access expires. Reference data for any user who has withdrawn authorization from an owner or third party who had previously been given access to such reference data pursuant to subdivision a shall be removed, or anonymized where removal of such data would render the smart access system inoperable, from the smart access system no later than 90 days after such authorization has been withdrawn. The same time frame shall apply when a tenant withdraws a request that a guest be granted access to such tenant's dwelling unit via the smart access system, if such guest is not also a tenant of such smart access building.
   d.   Reference data collected solely for the operation of such smart access system for a tenant who has permanently vacated a smart access building shall be destroyed no later than 90 days after a tenant has permanently vacated a smart access building or has withdrawn authorization from the owner of such smart access building or a third party. Reference data collected solely for use of such smart access system for any user that has been granted access to such tenant's dwelling unit and is not a tenant of such smart access building shall be destroyed within the same timeframe, following such user's withdrawal of authorization, such tenant's withdrawal of the request that such user be granted access to such tenant's dwelling unit via the smart access system or such tenant's permanent vacation. Any data collected in violation of the prohibitions set forth in paragraphs 3, 4, 5 and 6 of subdivision a of section 26-3003 shall be destroyed immediately.
   e.   An owner of a smart access building and any third party that has an obligation to destroy data pursuant to this section shall not be required to destroy any data that:
      1.   is necessary to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity;
      2.   is necessary to debug to identify and repair errors that impair existing intended functionality;
      3.   is protected speech under the United States or New York state constitution; or
      4.   is necessary to comply with another law or legal obligation.
   f.   Any information that an owner of a multiple dwelling collects about a tenant's use of gas, electricity or any other utility shall be limited to such tenant's total monthly usage, unless otherwise required by law. It shall be unlawful for an owner of a multiple dwelling to collect any information about a tenant's use of internet service, except that in a multiple dwelling in which internet service is provided directly from an owner to tenants, the landlord may collect such information if such information is aggregated and anonymized, or necessary for billing purposes.
   g.   Notwithstanding the provisions of subdivision a, an owner may retain, separate from the smart access system, a record of the unique identification number or other unique identifier associated with the physical hardware used to facilitate building entry, including key cards or other similar technical protocols, and the dwelling unit number associated with such unique identifier, solely for the purpose of deactivating or activating the key card or other hardware associated with such unique identifier.
   h.   Notwithstanding any other provision of this section, reference data may be retained and utilized by a smart access system pursuant to a user request, in writing or through a mobile application, that such user's reference data be retained for longer than 90 days.
(L.L. 2021/063, 5/30/2021, eff. 7/29/2021)
Editor's note: For related unconsolidated provisions, see Appendix A at L.L. 2021/063.

Disclaimer: The Codes and other documents that appear on this site may not yet reflect the most current legislation or rules adopted by the City. In addition, certain textual errors and omissions may temporarily exist, resulting from problems in the source database provided to American Legal and from which this website was created. Although these errors and omissions are being corrected, any user discovering any such error is invited to please contact the publisher at NYC.editor@amlegal.com or at 800-445-5588 and/or the New York City Law Department at NYCCodeRulesCharter@law.nyc.gov.

Hosted by: American Legal Publishing

Back to Code Library
Previous Doc
Next Doc