Data Licensing Personal Information Risk Management Uncategorized

How's Your PII Data Awareness?

It is time to come up to speed with your awareness of PII and its impact on real estate practices.

REALTOR® University recently launched a 4 hour online training course for REALTORS® and Association and MLS staff on privacy and data security. “Enhance Your Brand & Protect Your Clients with Data Privacy & Security.” This Data Security and Privacy Course aims to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy; and to assist them in complying with legal responsibilities.

In a NAR Legal Update presentation, NAR Associate General Counsel Ralph Holmen made these key points on Data Security and Privacy:

  • « Not just an issue for “big companies.”
  • « Every brokerage office maintains personally identifiable information (PII).
  • « Extensive state regulation of collection and retention of PII
  • « Most states address collection, disposal, and breach notification of PII.
  • « Some real estate license regulations address licensees securely maintaining and destroying records, including transaction docs.
    • Tennessee regulation requires principal brokers to develop and utilize a retention schedule.
    • South Dakota applies a policy describing 11 requirements for safeguarding electronically stored records.
  • «No Federal data security, privacy, and breach notification laws yet, but being considered.
  •  What is personally identifiable information?
  •  Defined by state law, but generally means:

« First name/initial and last name in combination with any of the following:
« Social Security Number
« Driver’s license or state-issued ID number
« Financial account number
« Medical/health information

  •  Social Security Numbers found in:
    •  Sales contracts
    • Credit/background checks on renters
    • W9s (collected by listing brokers from individuals receiving more than $600 cooperating commission)
  • « Driver’s license or state-issued ID numbers found in:
    •  Clients’ driver’s licenses (collected as safety precaution)
    •  Rental applications; credit/background checks
  • « Financial account number found in:
    •  Personal checks given as earnest money
    •  Mortgage account number on HUD-1
    •  Credit/background checks on renters
    • Earnest money checks
  • « Other:
    • Employee/agent records maintained in HR files contain many PII elements
    •  Copies of loan documents or credit card payments related to transaction even without asking clients to provide such information
  • Where is PII stored?
  • « Broker email systems and networks
  • « Scanners, copiers, and fax machines
  • « Agents’ personal email
  • « Agents’ mobile text
  • « Agents’ personal home computer/laptop
  • « Cloud storage facilities
  • « Physical file cabinets
  • What’s the cost of a breach?
  • « Operational expenses (i.e., damage to systems; time spent investigating breach and working with law enforcement)
  • « Cost of breach notification (avg. $194 per record)
  • « Civil penalties
  • « Annual audit/reporting requirements
  • « Negative public perception
  • « Potential future liability (i.e., ID theft)

Five Step Program –

You may also like
Email By Candlelight
New Risk Management Resource
Understanding the Structure of "Organized Real Estate"