In the wake of revelations about privacy violations by some financial and technology companies, Congress continues to investigate how consumer data is protected and what rights consumers should have over their own data. In recent weeks, several policymakers are urging comprehensive reforms that address weaknesses in data privacy, security and breach notification.
NMHC and NAA have been deeply involved in the call for a strong nationwide data security and breach notification standard that is scalable and accounts for the scope and size of the business.
NMHC and NAA submitted comments on March 15 to the Senate Committee on Banking, Housing and Urban Affairs outlining the industry’s support for a national data security and breach notification standard that recognizes the unique nature and needs of the rental housing industry while ensuring the data that our members collect, use and maintain is secure.
NMHC and NAA are also engaged with the growing number of House and Senate committees that have entered the fray to debate data security and privacy. Two more Senate committees joined the debate and held hearings recently, which follow on the heels of hearings NMHC and NAA have covered.
The Senate Judiciary Committee held a hearing on the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) this week. The committee discussed the need to improve consumer data protections, but familiar fault lines appeared as members debated federal preemption of existing state laws. Ranking Member Diane Feinstein (D-CA) said she would oppose efforts that would create a federal privacy regulation that would preempt CCPA’s protections.
The Senate Permanent Subcommittee on Investigations held a separate hearing focusing on high-profile data breaches at Equifax and Marriott. During the hearing, members of Congress critiqued both companies for failing to implement basic data security practices and allowing millions of Americans’ data to be exposed. Subcommittee members on both sides of the aisle also expressed strong interest in reviving data security legislation to protect consumer data through a federal security standard and a notification process.
Continued interest in the House and Senate guarantees that there will be ongoing debate on how to protect consumer data. However, the number of committees engaged will undoubtedly slow the process to reach a compromise. Aside from considering possible federal standards governing data security, breach notification and consumer privacy, Congress is increasingly looking at the private sector’s role in boosting the nation’s cybersecurity readiness.
NMHC/NAA provide a variety of resources to help secure a firms’ data and bolster its overall cybersecurity posture. These resources can be found at www.nmhc.org/data-security. Example resources include an industry white paper/guidance document on cyber security best practices, valuable cybersecurity tools from the Federal Trade Commission, and a sharable guide to “Social Engineering Red Flags” that can help educate employees about cyber pitfalls.
Additionally, NMHC works with the Real Estate Information Sharing and Analysis Center (RE-ISAC) to distribute regular email alerts of malicious cyber activity that could impact multifamily firms, their data or residents. NMHC members can sign up for the cybersecurity notification system to learn of real-time cyber threats.
- FTC Commercial Surveillance and Data Security Comment Letter
- Legislation that Creates Federal Data Privacy Standard Advances to Senate
- NMHC NAA Data Privacy Letter to Energy and Commerce Committee
- NMHC NAA Letter on Data Privacy
- Bipartisan Lawmakers Release Federal Data Privacy Bill That Would Have Impact on Multifamily Data Practices