How's Your PII Data Awareness?

It is time to come up to speed with your awareness of PII and its impact on real estate practices.
REALTOR® University recently launched a 4-hour online training course for REALTORS® and Association and MLS staff on privacy and data security, “Enhance Your Brand & Protect Your Clients with Data Privacy & Security.” This Data Security and Privacy Course aims to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy, and to assist them in complying with legal responsibilities.
In a NAR Legal Update presentation, NAR Associate General Counsel Ralph Holmen made these key points on Data Security and Privacy:
- Not just an issue for “big companies.”
- Every brokerage office maintains personally identifiable information (PII).
- Extensive state regulation of collection and retention of PII
- Most states address collection, disposal, and breach notification of PII.
- Some real estate license regulations address licensees securely maintaining and destroying records, including transaction docs.
  - Tennessee regulation requires principal brokers to develop and utilize a retention schedule.
  - South Dakota applies a policy describing 11 requirements for safeguarding electronically stored records.
- No Federal data security, privacy, and breach notification laws yet, but being considered.
What is personally identifiable information?
- Defined by state law, but means first name/initial and last name in combination with any of the following:
  - Social Security Number
  - Driver’s license or state-issued ID number
  - Financial account number
  - Medical/health information
- Social Security Numbers found in:
  - Sales contracts
  - Credit/background checks on renters
  - W9s (collected by listing brokers from individuals receiving more than $600 cooperating commission)
- Driver’s license or state-issued ID numbers found in:
  - Clients’ driver’s licenses (collected as a safety precaution)
  - Rental applications; credit/background checks
- Financial account number found in:
  - Personal checks given as earnest money
  - Mortgage account number on HUD-1
  - Credit/background checks on renters
  - Earnest money checks
- Other:
  - Employee/agent records maintained in HR files contain many PII elements
  - Copies of loan documents or credit card payments related to transaction even without asking clients to
Where is PII stored?
- Broker email systems and networks
- Scanners, copiers, and fax machines
- Agents’ personal email
- Agents’ mobile text
- Agents’ personal home computer/laptop
- Cloud storage facilities
- Physical file cabinets
What’s the cost of a breach?
- Operational time spent investigating the breach and working with law enforcement
- Cost of breach notification (avg. $194 per record)
- Civil penalties
- Annual audit/reporting requirements
- Negative public perception
- Potential future liability (i.e., ID theft)
Five Step Program –
http://www.realtor.org/articles/five-steps-towards-achieving-data-security
- Take Stock
- Scale Down
- Lock it Down
- Pitch It
- Plan Ahead
NAR Resources:
- Five Steps towards Achieving Data Security: http://www.realtor.org/articles/five-steps-towards-achieving-data-security
- Data Security and Privacy page on REALTOR®.org: http://www.realtor.org/topics/data-privacy-and-security
- Data Security Video: http://www.realtor.org/videos/data-privacy-be-ahead-of-the-law
- NAR Data Security and Privacy Toolkit: http://www.realtor.org/law-and-ethics/nars-data-security-and-privacy-toolkit