Data breaches can happen from hackers, employees, competitors, vendors or other third parties and can be intentional or accidental. It is well documented that even the best security systems are being hacked at an alarming rate. Most recently, there has been an increase in the number of real estate companies who have experienced a cyber breach. While this industry is usually not currently categorized as “high risk,” this is beginning to change.
Protecting the personal information of tenants and maintaining their trust is a vital aspect of this business. Real estate professionals routinely obtain, store and transmit personally identifiable information, including social security numbers and financial records. This data is often obtained from credit reports, applications, leases and rental agreements. Community associations and HOAs are especially selective and collect much more detailed financial and personal information from their prospective owners and tenants. Sometimes this information can be stored on a property’s hard drive and incidentally can be hacked.
Safeguard Your Data
That data collection imposes legal duties on the real estate industry to safeguard it. Should it be compromised, real estate professionals could find themselves in the same situation as the organizations we all read about in the news. Legal fees, IT forensics expenses, notification and credit monitoring costs and investigations from government authorities would be expected. The financial impact and reputational damage could be significant. In fact, according to the 2014 Ponemon Institute Cost of Data Breach Study, the average cost to a company was $3.5 million, 15 percent more than what it cost last year.
The real estate industry can start addressing this risk by asking some basic questions. What data do I collect? Why do I collect it? Where is it stored? Who has access to it? How well is it protected? When and how should it be purged? What will we do if it is accessed by an unauthorized party?
Insurance is Evolving
Cyber Liability Insurance, also known as Privacy/Data Liability Insurance, is a rapidly evolving product in today’s marketplace. In fact, Cyber Insurance is the fastest growing coverage in the insurance industry, according to the New York Times. The basic elements of a cyber liability insurance product can include coverage for a number of expenses associated with breach including legal expenses, notification expenses, regulatory fines and penalties, credit monitoring and public relations expenses.