NAR aims to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy; and to assist them in complying with legal responsibilities. NAR offers a toolkit that provides information about state laws and pending federal regulations regarding data security and privacy protection that may aﬀect your business. In regards to compliance, the toolkit includes various checklists of issues to consider when drafting a security program tailored to your business’s needs. There is no one-size-ﬁts-all approach to security and compliance, but NAR aims to provide your real estate business with the tools necessary for developing a program that best suits your business.
What is the fundamental issue?
Public concern about the confidentiality of personal medical, financial and consumer data has put pressure on policy makers to increase regulation on the uses of this information. Given the recent large data breaches and increasing use of online marketing/advertising targeting consumers, Congress has been considering legislation to strengthen data collection, storage and flow regulations; require privacy notices; and impose other information safeguards.
I am a real estate professional. What does this mean for my business?
Real estate professionals collect, store, and share a great deal of consumer information, including some sensitive financial data. NAR recognizes the importance of protecting consumer data and supports common sense data privacy and security safeguards that are effective and appropriately tailored to avoid unduly burdening small businesses.
In order to streamline and minimize compliance burden, NAR supports a single federal standard for data privacy and security laws consistent with the following principles:
- Collection of Personal Information Should be Transparent. REALTORS® should recognize and respect the privacy expectations of their clients. They are encouraged to develop and implement privacy and data security policies and to communicate those policies clearly to their clients.
- Use, Collection and Retention of Personally Identifiable Information. REALTORS® should collect and use information about individuals only where the REALTOR® reasonably believes it would be useful (and allowed by law) to administering their business and to provide products, services and other opportunities to consumers. REALTORS® should maintain appropriate policies for the reasonable retention and proper destruction of collected personally identifiable information.
- Data Security. REALTORS® should maintain reasonable security standards and procedures regarding access to client information.
- Disclosure of Personally Identifiable Information to Third Parties. REALTORS® should not reveal personally identifiable data to unaffiliated third parties unless: 1) the information is provided to help complete a consumer initiated transaction 2) the consumer requests it; 3) the disclosure is required by/or allowed by law (i.e. investigation of fraudulent activity); or 4) the consumer has been informed about the possibility of such disclosure through a prior communication and is given the opportunity to decline (i.e. opt-out.)
- Maintaining Consumer Privacy in Business Relationships with Third Parties. If a REALTOR® provides personally identifiable information to a third party on behalf of a consumer, the third party should adhere to privacy principles similar to the REALTOR® that provide for keeping such information confidential.
Congress has been considering legislation that would:
- Cover all entities handling sensitive information with no exemptions for banks, telcos, or third parties.
- Include within the scope of legislation:
- A breach of security is the acquisition of data (not access or acquisition);
- Sensitive account/personal information are narrowly defined terms (not expansive);
- The trigger for notice is risk-based (requiring what is defined as financial harm).
- Set reasonable data security standards for non-banks;
- Provide for the enforcement by banking regulators for banks, and by FTC for non-banks;
- Ensure equivalent enforcement by all banking regulators and the FTC, with requirement that the agencies coordinate on equivalent enforcement and penalties; and
- Give all covered entities the benefit of solid preemption of state and common law.
NAR has developed an educational toolkit for members and has developed an online training course available through REALTOR® University.
Federal Technology Policy Committee
Congressional authorizing committees have not introduced legislation at this time.
Letters to Congress
Letters to federal agencies
NAR Federal Issues Tracker
NAR Library & Archives has already done the research for you. References (formerly Field Guides) offer links to articles, eBooks, websites, statistics, and more to provide a comprehensive overview of perspectives. EBSCO articles (E) are available only to NAR members and require the member's nar.realtor login.
What does data privacy and security mean in today's world?
Data Security and Privacy Toolkit - This Toolkit provides information about state laws and pending federal regulations regarding data security and privacy protection that may affect your business.
Enhance Your Brand & Protect Your Clients with Data Privacy & Security - This Data Security and Privacy Course aims to educate real estate associations, brokers, agents, and multiple listing services about the need for data security and privacy; and to assist them in complying with legal responsibilities.
Video: Window to the Law: Creating a Cybersecurity Program – Learn about the steps to follow when implementing a cybersecurity plan from NAR Senior Counsel Finley Maxson.
Topic: Social Media - NAR topic page providing background information on concerns with various popular social media sites, and including tips and suggestions to protect privacy and identity.
3-Hour Safety Course for REALTOR® Associations - This course is an essential primer on how real estate professionals can limit risk to preserve safety and facilitate positive business outcomes.
Are You & Your Data an Easy Target?
Safety expert Andrew Wooten provides tips on how to keep you and your data safe while at the office. Topics covered in this free NAR webinar include workplace personal safety, how to keep your office from becoming exposed to risk, and how to create an office plan with safeguards.
Identity Theft: Protecting You & Your Clients
The second in the series of NAR's REALTOR® Safety Webinars led by industry expert Andrew Wooten, "Identity Theft: Protecting You and Your Clients," offered several suggestions and precautions you should take to keep your personal information and property secure, and what you should do if you are a victim of identity theft. The session also provides great information to can share with your clients, including brief instructions on how to keep your clients' information protected.
Social Media & Cyber Safety
In this session, safety expert Andrew Wooten, provides social media and cybersafety safety tips. Learn how today's criminals are using your social media information for illegal activities, and discover how you could be tracked through geotags.
Tools for REALTORS®
What are your legal obligations? Where can you find the latest information about the laws?
Cybersecurity Checklist: Best Practices for Real Estate Professionals
NAR Principles: REALTOR®-endorsed data privacy and security principles regarding personal information
Internet Security Best Practices: NAR’s Member Support three-part report recommending a number of security practices to help keep REALTORS® and their business safe online.
FTC Data Security Best Practices: Rules and guides for businesses of any size.
FTC: Privacy Initiatives: A comprehensive listing of compliance resources, including Data Security, from the FTC, categorized by line of work.
FTC: Avoid ID Theft: Detailed information to help consumers deter, detect, and defend against identity theft.
FTC Data Security Best Practices: Free resources to help businesses securely collect, keep, and dispose of sensitive personal information of customers or employees in their files.
Safety Program Reimbursement Grant: The goal of the NAR Safety Program Reimbursement Grant is to provide funding assistance to state and local REALTOR® Associations to help implement a Safety Program or feature for their members, and to encourage ongoing awareness of REALTOR® Safety.
Man to Man: You’re Just as at Risk (REALTOR® Magazine, July 2015)
Have an idea for a real estate topic? Send us your suggestions.
The inclusion of links on this page does not imply endorsement by the National Association of REALTORS®. NAR makes no representations about whether the content of any external sites which may be linked in this page complies with state or federal laws or regulations or with applicable NAR policies. These links are provided for your convenience only and you rely on them at your own risk.