Is It Easy to Steal Your Clients’ Data?
Brokers’ files often have Social Security numbers, bank account information and driver’s license copies – the top targets of fraudsters. It’s important to keep that info safe – and have an internal system that provides legal protection if that fails.
CHICAGO – Consumers are demanding increased transparency about how their personal information is being used. Follow these best practices when handling sensitive client data.
As more aspects of a transaction head online, real estate professionals collect more client information digitally, from Social Security numbers to bank account information and copies of driver’s licenses. How you collect and store that information could get you into legal trouble if you’re not careful.
Enforcement of data privacy laws have ramped up nationwide as more states enact rules. It’s critical that real estate brokerages understand how this could impact their business and how to handle sensitive information they collect, says Maame Nyamekye, associate counsel at the National Association of Realtors® (NAR) in a recent “Window to the Law” video.
While no federal laws regarding data privacy apply to real estate, more states are adopting comprehensive data privacy laws to protect consumers’ personal information. Nyamekye says these laws often grant consumers several rights:
- To know what information a business collects on them.
- To ask a business to delete or correct the data.
- To know if the business is selling their information.
Almost all states have enacted rules around data-breach notifications that require businesses to notify individuals when their personal information may have been compromised. Many states have also adopted data disposal laws that require businesses to destroy, dispose of or encrypt personal information to protect individuals’ privacy.
NAR has supported efforts to protect consumers’ sensitive personal information. The REALTOR® Code of Ethics acknowledges members’ obligation to help preserve the confidentiality of their clients’ personal information in any agency or nonagency relationship.
Realtors shouldn’t take their role lightly when collecting client data information, Nyamekye says. Greater enforcement increases “the likelihood that a violation of a data privacy law may be detected and pursued,” she adds. “So, to avoid harm to your business – both financially and reputationally – it is important to ensure that your business is complying with applicable state laws.”
Even if an agent is located in a state without a comprehensive data privacy law, Nyamekye says, the agent can still be subject to another state’s law if they collect personal information from out-of-state clients.
In the video, Nyamekye shares some of the best practices for data privacy, including:
- Publish and maintain a privacy policy. Explain your policy to consumers to put them at ease about how your business will manage their personal information.
- Know the laws. Understand state laws and consumer rights regarding data security and privacy that could affect your brokerage. For example, some states have laws that require businesses to have a written information security program in place, or to dispose of personal information that serves no business purpose.
- Adopt document retention and data breach notification policies. The Federal Trade Commission shares five key principles for businesses to follow when creating a data security program: Take stock, scale down, lock it, pitch it and plan ahead.
Also refer to NAR’s Data Security And Privacy Toolkit, which includes an example of a written data security policy, and more tips.
Source: National Association of Realtors® (NAR)
© 2023 Florida Realtors®