Although past legislative efforts to address data security and breach notification requirements have fallen short, there is a growing, bipartisan consensus that something must be done which could make cybersecurity a priority issue in 2018. The House and Senate held numerous oversight hearings in 2017 and lawmakers have released a variety of competing proposals to bolster data security and breach notification requirements.
The Senate Commerce, House Energy and Commerce and House Financial Services Committees hold jurisdiction over the issue and their members are looking to forge a sensible path forward. NMHC/NAA have engaged in early discussions with members of these committees to share insight into how the industry uses consumer data and how it protects it.
Currently, multifamily companies, many of which own or operate properties in a variety of states, must comply with a patchwork of 48 different state laws that address data security and privacy. Given the complexity of this regulatory framework, apartment firms would benefit from efforts to lessen the compliance burden that a national approach could provide. Additionally, while multifamily owners and operators strongly support efforts to safeguard a consumer’s personal information, NMHC/NAA continue to express concerns about any legislation that imposes overly burdensome requirements on businesses without regard to their scope and size.
NMHC/NAA have also expressed the industry’s concerns about the nature of mandatory security standards, disclosure thresholds, the notification process and liability. NMHC/NAA will continue to work to ensure that any cybersecurity proposals recognize the unique nature and needs of the multifamily industry while ensuring the data our members use is secure.
NMHC/NAA provides a variety of resources to help secure a firms’ data and bolster its overall cybersecurity posture, which can be found at www.nmhc.org/data-security. Example resources include a white paper/guidance document on cyber security best practices and a concise, sharable guide to “Social Engineering Red Flags,” that can help educate employees about cyber pitfalls.
Additionally, NMHC works with the Real Estate Information Sharing and Analysis Center (RE-ISAC) to distribute regular email alerts of malicious cyber activity that could impact multifamily firms, their data or residents. NMHC members can sign up for the cybersecurity notification system to learn of real-time cyber threats.
- FTC Commercial Surveillance and Data Security Comment Letter
- Legislation that Creates Federal Data Privacy Standard Advances to Senate
- NMHC NAA Data Privacy Letter to Energy and Commerce Committee
- NMHC NAA Letter on Data Privacy
- Bipartisan Lawmakers Release Federal Data Privacy Bill That Would Have Impact on Multifamily Data Practices