Reducing Your Portfolio’s Cyber Liability for 2020

Key steps you can take to prepare your multifamily properties for upcoming new resident data security regulations.

Did you know? New data privacy regulations are taking effect on January 1, 2020 that will set higher standards for managing resident data. These laws vary state-by-state and experts expect California’s CCPA to set a standard of compliance that many other states will follow closely.

The new laws are in response to consumers' demands to know the information a company has saved on them, and to know who their data is being shared with. 

"As consumers become more conscious of their data rights across industries, we as real estate managers, operators, and developers, need to expand our policies to include dedicated sections on data protection," says Mark Zikra, Vice President of Technology at CA Ventures, LLC.  "Furthermore, we need to know how and when our data is being used internally and/or externally and be able to speak to those uses clearly and concisely with our residents.  Transparency on this within lease agreements, websites, and other communication mediums will go a long way in gaining the trust of our renters."

Luckily, there are many steps that you can take to reduce your properties' risk, put your clients at ease, and signal to your residents that you take their data privacy very seriously. Creating a plan to address potential security risks is vital.

“Just like any other business that handles consumer information, property management companies need a plan for how to comply with things like breach response notification laws and data subject requests,” says Lisa Angelo, Founding & Managing Partner of Angelo Law Firm PLLC, a firm focused on cyber liability.

We identified three areas to start your internal data security assessment. However, please note that we are not offering legal advice and we recommend you consult with an attorney for more comprehensive advice:

1. Review your Vendor Agreements and End-User Privacy Notices

Identify all systems that touch your data and residents’ data. Each of these systems should have a clearly-stated Terms of Service and Privacy Notice, that were made available to you during your contracting phase, and shown to your residents if they sign up for the service directly.

In each of these vendor’s documents, you’ll want to look for some key “positive” language that signals that their Privacy Notice is up-to-date and ready for the upcoming new regulations.

Here are a few key questions to ask while reviewing their Privacy Note:

• Do they list the types of information they collect and how exactly they use it?
• Do they discuss their Cookie policy (for digital products)?
• If operating in California, does their Privacy Notice include a California Resident Rights section?
• Do they promise to update you and your residents via email or in writing when the Terms of Service or Privacy Notices are updated?

Further, you will want to watch out for these yellow flags:

• Does the vendor share your data with any external third parties?
• If the vendor does share data with third parties, for what purposes? Can you review the Privacy Notices of those third parties?
• Is the vendor selling or licensing your data? If so, is it anonymous, de-identified and aggregated?

2. Encourage Property Staff to Handle Resident Data Carefully

To ensure that your property staff is giving the utmost care towards maintaining resident data privacy, we recommend publishing an official Privacy Checklist. If leasing teams are writing down personal information on notepads or other papers, is that information eventually shredded? Are privacy screens placed over desktop monitors?

Many properties still allow residents to print personal documents via the office staff. This practice should be prohibited as it introduces personal resident information onto your corporate systems and introduces a human-risk vulnerability. If helping residents print via the staff printer is unavoidable, staff should always delete personal documents immediately after printing.

3. Reduce Computer Terminal Usage and Upgrade to a Secure, Wireless Printer Amenity

PC and Mac computer terminals for shared use by residents are by far the riskiest devices on-site today. Many properties still require users to login to a shared computer to print on a networked printer. The security risks inherent in this public workflow are obvious.

Properties should switch to a wireless printer amenity that enables users to print directly and securely from their own devices. The documents should never touch your property’s own systems, and users should have the option to enter a unique secure release code before printing.

Contact PrintWithMe today to upgrade your property’s resident printer amenity to a secure and wireless system, and reduce this area of cyber liability.