It is time to come up to speed with your awareness of PII and its impact on real estate practices.
REALTOR® University launched a 4 hour online training course for REALTORS® and Association and MLS staff on privacy and data security. “Enhance Your Brand & Protect Your Clients with Data Privacy & Security.” This Data Security and Privacy Course aims to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy; and to assist them in complying with legal responsibilities.
In a NAR Legal Update presentation, NAR Associate General Counsel Ralph Holmen made these key points on Data Security and Privacy:
- « Not just an issue for “big companies.”
- « Every brokerage office maintains personally identifiable information (PII).
- « Extensive state regulation of collection and retention of PII
- « Most states address collection, disposal, and breach notification of PII.
- « Some real estate license regulations address licensees securely maintaining and destroying records, including transaction docs.
- Tennessee regulation requires principal brokers to develop and utilize a retention schedule.
- South Dakota applies a policy describing 11 requirements for safeguarding electronically stored records.
- «No Federal data security, privacy, and breach notification laws yet, but being considered.
- What is personally identifiable information?
- Defined by state law, but generally means:
« First name/initial and last name in combination with any of the following:
« Social Security Number
« Driver’s license or state-issued ID number
« Financial account number
« Medical/health information
- Social Security Numbers found in:
- Sales contracts
- Credit/background checks on renters
- W9s (collected by listing brokers from individuals receiving more than $600 cooperating commission)
- « Driver’s license or state-issued ID numbers found in:
- Clients’ driver’s licenses (collected as safety precaution)
- Rental applications; credit/background checks
- « Financial account number found in:
- Personal checks given as earnest money
- Mortgage account number on HUD-1
- Credit/background checks on renters
- Earnest money checks
- « Other:
- Employee/agent records maintained in HR files contain many PII elements
- Copies of loan documents or credit card payments related to transaction even without asking clients to provide such information
- Where is PII stored?
- « Broker email systems and networks
- « Scanners, copiers, and fax machines
- « Agents’ personal email
- « Agents’ mobile text
- « Agents’ personal home computer/laptop
- « Cloud storage facilities
- « Physical file cabinets
- What’s the cost of a breach?
- « Operational expenses (i.e., damage to systems; time spent investigating breach and working with law enforcement)
- « Cost of breach notification (avg. $194 per record)
- « Civil penalties
- « Annual audit/reporting requirements
- « Negative public perception
- « Potential future liability (i.e., ID theft)
Five Step Program – http://www.realtor.org/articles/five-steps-towards-achieving-data-security
- « Take Stock
- « Scale Down
- « Lock it Down
- « Pitch It
- « Plan Ahead
- NAR Resources:
- « Five Steps towards Achieving Data Security
- http://www.realtor.org/articles/five-steps-towards-achieving-data-security
- « Data Security and Privacy page on REALTOR®.org
- http://www.realtor.org/topics/data-privacy-and-security
- « Data Security Video
- http://www.realtor.org/videos/data-privacy-be-ahead-of-the-law
« NAR Data Security and Privacy Toolkit
http://www.realtor.org/law-and-ethics/nars-data-security-and-privacy-toolkit
0 Comments