Association Website Requirements Raise a Host of Novel Issues
Associations of 150 or more units are riding a wave of legislative changes intended to fight corruption, maximize record accessibility and transparency, and embrace technological changes. By the end of the year, these associations will need a website, disclosing certain critical records and meeting various requirements. To avoid a painful crash, associations need to balance a whole new set of contractual considerations relating to key website vendors while ensuring internal oversite and legal compliance relating to the website requirements.
In 2017, House Bill 1237 enacted changes to the Florida Condominium Act creating Section 718.111(12)(g), Florida Statutes, requiring non-timeshare associations operating condominiums with 150 or more units to have websites for posting notices and specified categories of records by July 1, 2018. While records required to be posted would become more accessible and websites would provide notice of meetings for all owners, including those not residing at the condominium, the website requirement also raised extensive issues and a new threat of potential liability for association non-compliance. Now in 2018, recently enacted legislation, House Bill 841, has already extended this deadline to January 1, 2019, while also clarifying certain aspects of the website requirement. Nevertheless, associations must still respect the demands of these new laws and grapple with their ambiguities.
The website must include governing documents (i.e.—declaration, bylaws, articles of incorporation, amendments, etc.); rules (presumably only those in force); a list of the association’s contracts or other documents binding the association (the 2017 version required the contracts themselves); a list of bids received within the “past year” for all bidding which has concluded; summaries of bids (or the bids themselves) received within the last year which are in excess of $500 (which must be maintained for at least a year); the latest current and proposed financial reports, including monthly statements of income and expenses if under consideration at a scheduled meeting; the latest current and proposed budgets; conflict of interest documentation, including contracts or other related transaction documents; director certifications; and the notice and agenda of any member or board meeting (including related documents). Private information of the association, including privileged information and personal identifying information of owners, without limitation, may not be disclosed.
Associations (especially those that are self-managed) must not underestimate the level of diligence that must be taken to consistently maintain these records correctly online. The list of contracts will need to be updated with every contract or other binding document (whatever that is interpreted to mean). The association must be prepared to evaluate what documents sufficiently relate to a conflict of interest and therefore require inclusion on the website, adding an additional layer of compliance and complexity to new legal requirements relating to conflicts of interest. An association that does not comply with the website requirements faces potential claims for injunctive relief or damages, and/or the threat of administrative remedies, which may be imposed by the Department of Business and Professional Regulation’s Division of Florida Condominiums, Timeshares, and Mobile Homes. Notably, House Bill 841 clarifies that a failure to comply does not by itself affect the validity of association actions and that the disclosure of private personal information will not subject the disclosing association or its agent to liability absent a “knowing or intentional disregard of the protected or restricted nature of such information.”
The website must be an independent website or website wholly owned by the association or a website maintained by a third party. The website must contain sub-pages or sections that are only accessible to members and employees of the association. Upon written request from an owner, the association must provide that owner with a user name and password to access the website’s protected information.
Based upon these new requirements, associations should at minimum implement a process of due diligence to ensure compliance relating to the timely and compliant launch of the website and the ongoing maintenance of the website thereafter. Associations must take a look at their existing contracts and insist on contractual protections when getting their websites developed by third-party vendors or their property management company. Contracts must stipulate terms regarding, without limitation: (a) data and domain ownership; (b) ongoing requirements and deadlines for uploading records; (c) restoring the website in the event that it goes down for any reason; (d) payment and default terms that don’t risk website noncompliance or inaccessibility in the event of non-payment; (e) provisions for a favorable transition process if and when the association switches management companies or third-party website vendors; (f) security of data; and, (g) indemnification and mandatory insurance coverage provisions that protect the association (as opposed to solely the vendor). Associations will need to establish internal policies that provide a directive that vendors and management companies have to follow. Legal counsel should review and prepare contracts and resolutions that can protect the association and abide by the statutory requirements.
Based upon new provisions enacted in House Bill 841, associations are invited to adopt rules governing the notice of meetings, including rules governing the timing of the posting of such notice, where on the website it will be posted, etc. However, if the association enacts such a rule, it must include within that rule a requirement that the association send an electronic notice to all owners who have consented to email notice and provided an email for notice purposes, which must include a hyperlink to the website where such notice is posted. Associations should note that this statutory language assumes that every email address “maintained” as an “official record” by the association is an email submitted with consent for notice to that email address, and that any other email address received without such intention and consent must not be used for such notice or disclosed on the website.