Latest on the Blog

Follow Us On:

Brokerage, Consumer News, Residential Real Estate, Misc

August 29, 2014

How's Your PII Data Awareness?

It is time to come up to speed with your awareness of PII and its impact on real estate practices.

REALTOR® University recently launched a 4-hour online training course for REALTORS® and Association and MLS staff on privacy and data security. “Enhance Your Brand & Protect Your Clients with Data Privacy & Security.” This Data Security and Privacy Course aim to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy; and to assist them in complying with legal responsibilities.

In a NAR Legal Update presentation, NAR Associate General Counsel Ralph Holmen made these key points on Data Security and Privacy:

 • Not just an issue for “big companies.”
 • Every brokerage office maintains personally identifiable information (PII).
 • Extensive state regulation of collection and retention of PII
 • Most states address collection, disposal, and breach notification of PII.
 • Some real estate license regulations address licensees securely maintaining and destroying records, including transaction docs.

    • Tennessee regulation requires principal brokers to develop and utilize a retention schedule.
    • South Dakota applies a policy describing 11 requirements for safeguarding electronically stored records.


 • No Federal data security, privacy, and breach notification laws yet, but being considered.

 • What is personally identifiable information?

 • Defined by state law, but means:

First name/initial and last name in combination with any of the following:
Social Security Number
Driver’s license or state-issued ID number
Financial account number
Medical/health information


 • Social Security Numbers found in:
    • Sales contracts
    • Credit/background checks on renters
    • W9s (collected by listing brokers from individuals receiving more than $600 cooperating commission)


 • Driver’s license or state-issued ID numbers found in:
    • Clients’ driver’s licenses (collected as a safety precaution)
    • Rental applications; credit/background checks


 • Financial account number found in:
    • Personal checks were given as earnest money
    • Mortgage account number on HUD-1
    • Credit/background checks on renters
    • Earnest money checks


• Other:
    • Employee/agent records maintained in HR files contain many PII elements
    • Copies of loan documents or credit card payments related to transaction even without asking clients to


 • Where is PII stored?
 • Broker email systems and networks
 • Scanners, copiers, and fax machines
 • Agents’ personal email
 • Agents’ mobile text
 • Agents’ personal home computer/laptop
 • Cloud storage facilities
 • Physical file cabinets


 • What’s the cost of a breach?

 • Operational time spent investigating the breach and working with law enforcement

 • Cost of breach notification (avg. $194 per record)

 • Civil penalties

 • Annual audit/reporting requirements

 • Negative public perception

 • Potential future liability (i.e., ID theft)

Five Step Program –

 • Take Stock

 • Scale Down

 • Lock it Down

 • Pitch It

 • Plan Ahead

 • NAR Resources:

 • Five Steps towards Achieving Data Security


 • Data Security and Privacy page on REALTOR®.org


 • Data Security Video


    • NAR Data Security and Privacy Toolkit

Related Post

2018 Real Town The Real Estate Network