wa-law.org > bill > 2025-26 > SB 5937 > Original Bill
As used in this chapter:
If requested by a tenant, a landlord must offer the tenant an alternative key that does not use biometric identifier information or a software application operated on a tenant's mobile phone or other similar electronic device. Examples of alternative keys include, but are not limited to:
A key fob;
A key card;
A physical key; or
Other form of physical access.
The landlord of a smart access building shall make available to tenants any written privacy policy of the entity that developed the smart access system utilized in such building, or any written privacy policy of the entity that currently operates the smart access system utilized in the building.
The landlord of a smart access building, or an agent thereof, must provide to tenants, either upon the initial signing of a lease agreement or upon installation of the smart access system, a written policy in plain language that describes, at a minimum, the following information if it is not included in the privacy policy described in subsection (1) of this section:
The data elements to be collected by the smart access system, including the extent to which data elements are collected that contain information of, or relating to, the guests of a tenant;
The protocols and safeguards the landlord will provide for protecting such data elements;
The retention schedule of such data;
The protocols the landlord will follow to address any suspected or actual unauthorized access to or disclosure of such data elements, including notification of users;
Guidelines for permanently destroying or anonymizing such data or removing such data from the smart access system; and
The process used to add a tenant who has provided written consent on a temporary basis to the smart access system.
If the information required to be provided under subsection (2) of this section is provided by the smart access system developer and the landlord does not retain or sell any information from the smart access system, a landlord is compliant with the requirements of this section by providing the privacy policy of the developer of the smart access system.
A landlord of a smart access building or third party may collect only the minimum amount of authentication data and reference data necessary to enable the use of a smart access system for the purpose of granting a user access to a building, its elevators, its common areas, or to a user's dwelling.
A smart access system may only collect, generate, or utilize the following information:
A user's name;
The dwelling unit number and other doors or common areas to which the user has access using a smart access system in a building;
A user's preferred method of contact;
A user's biometric identifier information if a smart access system utilizes biometric identifier information;
The identification card number or any identifier associated with the physical hardware used to facilitate building entry, including radio frequency identification card, bluetooth, or other similar technical protocols;
Passwords, passcodes, user names, and contact information used singly or in conjunction with other reference data to grant a user entry to a smart access building, dwelling unit of a building, or common area of a building through the building's smart access system, or to access any online tools used to manage user accounts related to a building;
Lease information, including move-in and, if available, move-out dates; and
The time and method of access, solely for security purposes.