Data breaches can happen from hackers, employees, competitors, vendors or other third parties and can be intentional or accidental. It is well documented that even the best security systems are being hacked at an alarming rate. Most recently, there has been an increase in the number of real estate companies who have experienced a cyber breach. While this industry is usually not currently categorized as “high risk,” this is beginning to change.
Protecting the personal information of tenants and maintaining their trust is a vital aspect of this business. Real estate professionals routinely obtain, store and transmit personally identifiable information, including social security numbers and financial records. This data is often obtained from credit reports, applications, leases and rental agreements. Co-ops and condos are especially selective and collect much more detailed financial and personal information from their prospective owners and tenants. Sometimes this information can be stored on a property’s hard drive and incidentally can be hacked.
Safeguard Your Data
That data collection imposes legal duties on the real estate industry to safeguard it. Should it be compromised, real estate professionals could find themselves in the same situation as the organizations we all read about in the news. Legal fees, IT forensics expenses, notification and credit monitoring costs and investigations from government authorities would be expected. The financial impact and reputational damage could be significant. In fact, according to the 2014 Ponemon Institute Cost of Data Breach Study, the average cost to a company was $3.5 million, 15 percent more than what it cost last year.
The real estate industry can start addressing this risk by asking some basic questions. What data do I collect? Why do I collect it? Where is it stored? Who has access to it? How well is it protected? When and how should it be purged? What will we do if it is accessed by an unauthorized party?