NMHC/NAA Viewpoint Congress should enact legislation that will create a single national data security and breach notification standard that is reasonable, flexible and scalable.
When most people think about consumer data breaches, they often conjure images of banks, credit reporting agencies and retailers. However, the apartment industry is just as vulnerable. Rental housing owners and operators, and their third-party service providers, are responsible for safeguarding vast amounts of highly sensitive, personal data collected, used and maintained about applicants, residents and employees. Data breaches can impact all of these individuals and create severe reputational, financial and legal costs for apartment firms.
Given the ever-expanding cyber-threat landscape, rental housing owners and operators have made defense against these vulnerabilities a top priority. We are pleased that Congressional leaders have placed cybersecurity and consumer privacy high on their agenda, and that lawmakers are calling for stronger requirements.
As policymakers consider solutions to bolster consumer and data protection, NMHC/NAA believe that any federal legislation should provide for:
- A clear Federal preemption of the existing patchwork of often conflicting and contradictory state data security, privacy and breach notification laws.
- A reasonable, flexible and scalable national standard for data protection. Specifically, when establishing compliance obligations, this standard must consider the needs and available resources of small businesses as well as large firms and the sensitivity of the data in question.
- A clear assignment of financial and legal liability to the entity that actually suffered the breach, particularly in the case of third-party breaches.
- A requirement that third-party service providers must notify their customers of any breach and allow them to notify the consumer of the breach if they so choose.
NMHC/NAA stand ready to work with Congress to create a federal data standard that recognizes the unique nature and needs of the rental housing industry while ensuring the data that our members collect, use and maintain is secure.
APARTMENT FIRMS INCREASINGLY OPERATE ACROSS MULTIPLE STATES AND MUST COMPLY WITH A PATCHWORK OF 48 DIFFERENT STATE LAWS GOVERNING DATA SECURITY AND PRIVACY. THIS REGULATORY FRAMEWORK DRIVES UP COSTS, WHICH ULTIMATELY AFFECT HOUSING AFFORDABILITY.
Print Friendly Fact Sheet
- Data Security Letter to Senate Committee on Banking, Housing and Urban Affairs
- Equifax, Marriott Take the Stand as More Senate Committees Join the Data Privacy and Security Debate
- Congress Looks to Add New Cyber Disclosure Rules for Companies
- Consumer Privacy and Data Security Issues Front-and-Center for Congress
- Potential global cyber attack could cause $85 billion-$193 billion worth of damage