In 2012 a Massachusetts real estate brokerage and property management company was hit with a $15,000 civil penalty by the state. The reason? The laptop of one of its employees, containing unencrypted data on hundreds of the company's customers, was stolen from the employee's car.
Data security and privacy issues could well move to the front burner on Capitol Hill this year. Several bills were introduced during the last legislative session, including The Commercial Privacy Bill of Rights Act, which would set minimum standards for disclosing what data you collect and for what purposes. Another, the Data Security and Breach Notification Act, focuses on the data protection side on behalf of consumers.
There’s no need to wait for lawmakers to pass new measures. Using the NAR Data Security and Privacy Toolkit, you can create your own security and privacy system. The kit will help you draft a program that follows best practices while meeting the needs of your business.
Know the Laws
The toolkit contains a list of laws by state that require notification of security breaches involving personal information. More than half the states also have laws on how to properly dispose of data in order to protect an individual’s privacy. Those are listed as well.
Post Your Policies
Take Inventory and Purge
Take time to conduct an inventory of what you're collecting and why you’re collecting it. Then pare down your data needs to a minimum, and aim to keep what you've collected for the shortest span of time necessary. If you obtain a client's bank account number in the course of a transaction, delete the number from your records once the transaction is closed and you no longer have an essential business reason to hang onto it. The fewer pieces of sensitive data you possess, the better.
Visit the FTC Web site
Check your policies against a set of best practices from the Federal Trade Commission. These include the need to create clear, written security policies and lock up what you collect (both digitally, using firewalls and passcodes, and physically, within filing cabinets). By following the FTC's recommendations, you’ll have your system covered.