Brokerages Not Immune to Consumer Privacy and Data Security Concerns
Real estate brokerages begin collecting sensitive consumer data, often before a customer realizes it. In the financial services industry, there’s a general consensus that the 2017 data breach at credit reporting agency Equifax created renewed awareness of vulnerabilities. Real estate brokerages should be paying attention.
While U.S. lawmakers ponder action, California has led the way in creating its own policy, with the passage of legislation, the California Consumer Privacy Act (CCPA) last summer. Brokerages have often been on the sidelines of political discussions surrounding privacy and security, but the industry is not immune. California’s law, which applies to all companies that collect data on California residents, goes into effect in January 2020.
Europe has also strengthened its privacy policy, known as the General Data Protection Regulation (GDPR), which went into effect last year. There have been far-reaching consequences for U.S. businesses that operate overseas, as many brokerages do.
The WAV Group has produced a white paper, which discusses how Europe’s GDPR will impact myriad businesses in the U.S., including real estate brokerages.
According to the WAV Group’s research, if a company provides a service or product to a European citizen–even if the citizen is located within the EU–the company must comply with GDPR. WAV notes that real estate companies and public-facing MLSs with websites containing inquiry forms and user registration are potentially collecting an EU citizen’s personal data and must be in compliance with GDPR.
“Another area of concern is how real estate agents enter their customers’ contact information into the MLS platform to receive ‘Just Listed’ notifications,” writes David Gumpper, head of technology consulting for WAV. “The contact information could be from an EU citizen. Additionally, the industry has to tackle GDPR compliance with listing agreements and sales contracts, which are processed and sent for digital signatures to EU customers and stored on U.S. systems.”
Brokerages that haven’t started planning how to protect data, should start soon, advises Gumpper. He urges companies to do an audit to determine if personal data on their systems contain data from European citizens.
This could help companies prepare for further action on data security, as U.S. lawmakers begin debating the issue.
With Congressional hearings into data security and consumer privacy taking on added urgency, bipartisan support for federal legislation seems to be evolving, Gumpper says. Passage of legislation is going to be determined by the details in protecting consumer privacy and data security.
“Today’s politics certainly exposes a philosophical difference in the implementation of a law,” says Gumpper.
Although it is going to take time and compromise to have something in place before 2020, perhaps by then the advantages but also unintended consequences of GDPR will be clearer and will help inform U.S. policy.