Language / Sprache

Purpose and jurisdiction caveat

This is an evidence summary, not a legal conclusion. It does not claim that GDPR applies to Dawson Landing HOA, MJF Associates, or the reinspection portal. It identifies facts and questions that may be relevant if a homeowner is located in Germany, the European Union, or another jurisdiction where privacy law may apply.

Before submitting this material to a data-protection authority, confirm whether the authority has territorial jurisdiction, whether the data processing falls within the law being invoked, and whether any local complaint prerequisites apply.

Why secure access matters here

The privacy concern is not only that the reinspection site is HTTP-only. The concern is that HOA notices direct owners to use the MJF reinspection workflow to stop or resolve violation charges, while the HOA and its management agent can continue assessing fines when they say reinspection was not requested or completed.

In this context, insecure or unavailable HTTPS access can interfere with a homeowner's ability to protect both personal data and property rights. HOA account balances may be escalated through collection processes, and associations may have lien rights for unpaid assessments or charges where allowed by governing documents and law. That leverage makes the portal's security and accessibility materially important.

After the HTTPS issue was brought to the HOA and MJF's attention, the documented position remained that charges would persist because reinspection had not been requested through the expected process. The issue for review is whether it is reasonable to require use of an insecure or HTTPS-unavailable channel, then continue fines when that same security problem hindered reinspection requests.

Relevant parties and systems

  • Dawson Landing HOA: The association whose notices, statements, violation records, and governing documents are referenced on this site.
  • MJF Associates, Inc.: The management agent identified in HOA materials and associated with the reinspection workflow.
  • Homeowner or data subject: The person whose address, account, violation, payment, and contact information may be processed in connection with HOA enforcement and billing.
  • Reinspection portal: Notices direct homeowners to http://mjfarb.com/reinspect/, an HTTP-only address documented elsewhere on this site.

Potential personal data involved

The documents reviewed suggest that HOA enforcement and billing workflows may involve several categories of information. The exact fields collected by the portal should be verified from original records and screenshots before relying on this summary.

  • Homeowner name, property address, mailing address, email address, or phone number
  • Account number, lot number, violation number, reference code, or reinspection request details
  • Violation status, hearing outcome, board decision, and account balance information
  • Payment, dues, interest, late fee, collection, lien-risk, or disputed-charge information
  • Any uploaded description, image, document, or message submitted to request reinspection

Documented security concern

The main privacy issue documented on this site is that HOA notices direct owners to an HTTP-only reinspection portal: http://mjfarb.com/reinspect/. HTTP does not provide the same transport encryption as HTTPS.

If a homeowner is expected to submit account-related or property-related information through that workflow, a regulator may ask whether the system provides security appropriate to the nature of the data, the mandatory or coercive practical context, and the consequences of non-use.

GDPR questions to evaluate

If GDPR jurisdiction is plausible, the following questions may help structure a complaint or lawyer review:

  1. Territorial scope: Does the processing fall within GDPR Article 3 because of an EU establishment, EU-directed services, monitoring, or another jurisdictional basis?
  2. Controller and processor roles: Is the HOA acting as controller, and is MJF acting as processor, joint controller, or independent controller for portal and account workflows?
  3. Security of processing: Is an HTTP-only portal appropriate for submitting address, account, violation, and contact information when non-use can lead to ongoing fines or collection pressure?
  4. Lawful basis and transparency: What privacy notice, lawful basis, retention period, and data-sharing disclosures are provided to homeowners?
  5. Data subject rights: Can the homeowner access, correct, restrict, or object to processing of inaccurate violation or account information?
  6. Fairness and coercion: Is it fair to require or practically pressure homeowners to use an insecure channel, then continue charges when the security problem hindered use of that channel?
  7. International transfer or hosting: Where is the portal hosted, where is data stored, and are any transfers outside the relevant jurisdiction disclosed and protected?

Use in a regulator submission

This page can support a regulator submission when paired with a short cover letter explaining why the authority has jurisdiction. The strongest submission would attach primary evidence, identify the exact personal data submitted or requested, and state the specific remedy requested, such as secure HTTPS submission, confirmation receipts, correction of records, suspension of fines tied to the insecure reinspection workflow, or production of privacy notices.

For HOA-law issues that do not involve privacy or personal data, the Virginia Common Interest Community Ombudsman path described on Take Action may be more directly relevant.