Apartment firms spend a great deal of time and resources building their brands and reputations. However, a single data breach can undermine those efforts and cause devastating reputational harm to a company. And the risks to apartment firms are growing as companies both integrate more advanced and mobile technologies into their operations and collect more information about their residents and employees to try to serve them better.
With the advice of legal counsel, apartment owners and managers can create better data security plans, lessening the risks of litigation, a damaged reputation and financial penalties associated with data breaches. The first step for apartment owners and managers is to better familiarize themselves with state data security and breach notification laws and develop company compliance programs accordingly. But there are additional measures apartment firms can take to help prevent data breach. By incorporating these elements, along with some common sense measures, into everyday practices, apartment firms can significantly mitigate data security risk.
- Maximize internal security measures. Simple internal security measures can play a huge role in preventing a data breach. Limiting access to (electronic and paper) records to necessary employees and requiring employees to update passwords regularly are basic policies that can be easy to implement. In addition, evaluate employees’ use of personal social media activity on company devices. Note, this is a developing area of law.
- Increase employee awareness. Educating employees of security risks is essential to maintaining a secure environment. Employees should be reminded to lock computers, file cabinets and offices when away from their workspaces. Moreover, employees should also be reminded that they are targets of theft and security threats outside the office. Staff should pay close attention to their mobile devices and laptops when transporting them to avoid theft or loss.
- Dispose of unnecessary hard and electronic records containing personal information. Apartment firms should take care to confirm that any documents containing personal information are properly destroyed in compliance with existing federal and state laws. In addition to complying with these regulations, companies should consider taking additional steps to encrypt or dispose of records that are no longer of use.
- Perform due diligence when hiring third party vendors. To reduce additional exposure to security threats, thoroughly research potential vendors to assure they have adequate privacy measures in place.
- Schedule security plan assessments. As new technologies come to market and employees turn over, security plans become obsolete. Companies should perform regularly scheduled assessments to determine that their security plans are current and executable.
- Research available insurance coverage for data breaches. Despite how great a data security plan may seem and how many safeguards are implemented, companies are still vulnerable to suffering a breach. When purchasing data breach insurance, consider additional risks and costs, such as expenses incurred to determine the extent of the breach, data breach notification costs, court costs and civil penalties, credit monitoring costs and expenses related to public relations efforts.
- Data Compliance and Connectivity Concerns Mount
- National Multifamily Housing Council Issues Data Privacy and Protection White Paper
- Data Privacy and Protection: Practical Considerations for Apartment Firms - White Paper
- Congress Presses Forward on Consumer Data Privacy
- Data Security Letter to Senate Committee on Banking, Housing and Urban Affairs