Worst Part of a Cyberattack? Getting Sued
What if a savvy hacker accesses your customer’s data? It’s not just a technology question. Affected customers may file a lawsuit and demand to know what steps you took to prevent cyberattacks.
WASHINGTON – You’re putting your livelihood at risk if you’re “asleep at the wheel” when it comes to creating a data security plan, especially as the real estate industry faces growing cyberthreats, says Maame Nyamekye, staff attorney at the National Association of Realtors® (NAR).
In NAR’s latest “Window to the Law” video, Nyamekye makes a strong case for creating a cyberattack plan: “A data security breach could potentially hurt your business financially, lead to a lawsuit and tarnish your reputation,” Nyamekye says.
Still, many businesses are unprepared. Only 35% of companies have programs in place to detect, prevent and respond to fraud threats, according to a survey earlier this year by tax services firm KPMG.
“Fraud, compliance risk and cyberattacks are increasing at an alarming rate, eating away profits across the U.S.,” says Amanda Rigby, forensic service network leader at KPMG. “Collectively, these issues create a ‘threat loop,’ which can quickly overwhelm companies with economic loss, regulatory loss and reputation loss. Despite the potential for calamity, the majority of U.S. companies are not ready to fight the threat loop.”
In the video, Nyamekye highlights what brokers and agents can do to minimize their risk in the event of a data security breach. The tips are based on Federal Trade Commission (FTC) principles for creating a data security plan.
Nyamekye urges members to:
- Take stock of the information your brokerage handles and where it’s stored. You also need to know who within the company has access to what.
- Create a retention policy. Outline what information your company will retain and for how long based on legal requirements and your business’s needs. At least 35 states have laws addressing the proper disposal of personal information.
- Be proactive. Have safety measures in place both for your technology and physical space to protect sensitive information and prevent unauthorized access.
Cybersecurity in Florida
Florida Statutes address security breaches and business obligations (Chapter 501.171).
Attorney General Ashley Moody’s overview of Florida’s cybersecurity requirements:
- Proper notice must be provided to consumers within 30 days unless good cause is shown for an additional 15 day delay
- Proper notice must be provided to the Office of the Attorney General for a breach affecting 500 or more individuals
- The definition of “personal information” includes health insurance, medical information, financial information and online account information, such as security questions and answers, email addresses and passwords
- Both businesses and state government entities must take reasonable measures to protect data
- The Office of the Attorney General must provide an annual report to the Legislature regarding data breaches of governmental entities
- Enforcement actions for statutory violations fall under Florida’s Unfair and Deceptive Trade Practices Act
Source: National Association of Realtors® (NAR)
Note: Information deemed accurate on date of publication
© 2022 Florida Realtors®