It is time to come up to speed with your awareness of PII and its impact on real estate practices.

REALTOR® University  launched a 4 hour online training course for REALTORS® and Association and MLS staff on privacy and data security. “Enhance Your Brand & Protect Your Clients with Data Privacy & Security.” This Data Security and Privacy Course aims to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy; and to assist them in complying with legal responsibilities.

In a NAR Legal Update presentation, NAR Associate General Counsel Ralph Holmen made these key points on Data Security and Privacy:

• « Not just an issue for “big companies.”
• « Every brokerage office maintains personally identifiable information (PII).
• « Extensive state regulation of collection and retention of PII
• « Most states address collection, disposal, and breach notification of PII.
• « Some real estate license regulations address licensees securely maintaining and destroying records, including transaction docs.
  • Tennessee regulation requires principal brokers to develop and utilize a retention schedule.
  • South Dakota applies a policy describing 11 requirements for safeguarding electronically stored records.
• «No Federal data security, privacy, and breach notification laws yet, but being considered.
•  What is personally identifiable information?
•  Defined by state law, but generally means:

« First name/initial and last name in combination with any of the following:
« Social Security Number
« Driver’s license or state-issued ID number
« Financial account number
« Medical/health information

•  Social Security Numbers found in:
  •  Sales contracts
  • Credit/background checks on renters
  • W9s (collected by listing brokers from individuals receiving more than $600 cooperating commission)
• « Driver’s license or state-issued ID numbers found in:
  •  Clients’ driver’s licenses (collected as safety precaution)
  •  Rental applications; credit/background checks
• « Financial account number found in:
  •  Personal checks given as earnest money
  •  Mortgage account number on HUD-1
  •  Credit/background checks on renters
  • Earnest money checks
• « Other:
  • Employee/agent records maintained in HR files contain many PII elements
  •  Copies of loan documents or credit card payments related to transaction even without asking clients to provide such information
• Where is PII stored?
• « Broker email systems and networks
• « Scanners, copiers, and fax machines
• « Agents’ personal email
• « Agents’ mobile text
• « Agents’ personal home computer/laptop
• « Cloud storage facilities
• « Physical file cabinets
• What’s the cost of a breach?
• « Operational expenses (i.e., damage to systems; time spent investigating breach and working with law enforcement)
• « Cost of breach notification (avg. $194 per record)
• « Civil penalties
• « Annual audit/reporting requirements
• « Negative public perception
• « Potential future liability (i.e., ID theft)

Five Step Program – http://www.realtor.org/articles/five-steps-towards-achieving-data-security

• « Take Stock
• « Scale Down
• « Lock it Down
• « Pitch It
• « Plan Ahead
• NAR Resources:
• « Five Steps towards Achieving Data Security
• http://www.realtor.org/articles/five-steps-towards-achieving-data-security
• « Data Security and Privacy page on REALTOR®.org
• http://www.realtor.org/topics/data-privacy-and-security
• « Data Security Video
• http://www.realtor.org/videos/data-privacy-be-ahead-of-the-law
  « NAR Data Security and Privacy Toolkit
  http://www.realtor.org/law-and-ethics/nars-data-security-and-privacy-toolkit