It is time to come up to speed with your awareness of PII and its impact on real estate practices.

REALTOR® University  launched a 4 hour online training course for REALTORS® and Association and MLS staff on privacy and data security. “Enhance Your Brand & Protect Your Clients with Data Privacy & Security.” This Data Security and Privacy Course aims to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy; and to assist them in complying with legal responsibilities.

In a NAR Legal Update presentation, NAR Associate General Counsel Ralph Holmen made these key points on Data Security and Privacy:

  • « Not just an issue for “big companies.”
  • « Every brokerage office maintains personally identifiable information (PII).
  • « Extensive state regulation of collection and retention of PII
  • « Most states address collection, disposal, and breach notification of PII.
  • « Some real estate license regulations address licensees securely maintaining and destroying records, including transaction docs.
    • Tennessee regulation requires principal brokers to develop and utilize a retention schedule.
    • South Dakota applies a policy describing 11 requirements for safeguarding electronically stored records.
  • «No Federal data security, privacy, and breach notification laws yet, but being considered.
  •  What is personally identifiable information?
  •  Defined by state law, but generally means:

« First name/initial and last name in combination with any of the following:
« Social Security Number
« Driver’s license or state-issued ID number
« Financial account number
« Medical/health information

  •  Social Security Numbers found in:
    •  Sales contracts
    • Credit/background checks on renters
    • W9s (collected by listing brokers from individuals receiving more than $600 cooperating commission)
  • « Driver’s license or state-issued ID numbers found in:
    •  Clients’ driver’s licenses (collected as safety precaution)
    •  Rental applications; credit/background checks
  • « Financial account number found in:
    •  Personal checks given as earnest money
    •  Mortgage account number on HUD-1
    •  Credit/background checks on renters
    • Earnest money checks
  • « Other:
    • Employee/agent records maintained in HR files contain many PII elements
    •  Copies of loan documents or credit card payments related to transaction even without asking clients to provide such information
  • Where is PII stored?
  • « Broker email systems and networks
  • « Scanners, copiers, and fax machines
  • « Agents’ personal email
  • « Agents’ mobile text
  • « Agents’ personal home computer/laptop
  • « Cloud storage facilities
  • « Physical file cabinets
  • What’s the cost of a breach?
  • « Operational expenses (i.e., damage to systems; time spent investigating breach and working with law enforcement)
  • « Cost of breach notification (avg. $194 per record)
  • « Civil penalties
  • « Annual audit/reporting requirements
  • « Negative public perception
  • « Potential future liability (i.e., ID theft)

Five Step Program – http://www.realtor.org/articles/five-steps-towards-achieving-data-security