This week, there was action in both California and in Washington, D.C. in the data security and privacy arena, providing critical insight and compliance guidance for apartment owners and operators.
California Attorney General Xavier Becerra once again issued updated proposed regulations that lay the groundwork for fully implementing and enforcing the California Consumer Privacy Act (CCPA). This is the third version of the regulations that will ultimately guide how the CCPA is interpreted and enforced.
NMHC and NAA both submitted comments in 2019 seeking changes and clarifications to the underlying regulations, and the Attorney General responded by making several of the changes to accommodate the industry’s concerns. Yet, in the latest round of edits made to the regulations, the changes focused on other issues including data tracking, removing IP addresses from the definition of Personally Identifiable Information and visual features on how a consumer can limit or opt-out of data collection.
NMHC and NAA are continuing to review the new proposed regulations and consulting with apartment owners, operators and suppliers in anticipation of additional comments being due March 27. The Attorney General has the ability to issue yet another round of updated regulations before enforcement begins on July 1.
Because of the complexity of businesses complying with a growing patchwork of data breach notification, security and now privacy standards across the country, NMHC and NAA are actively supporting a federal data security and privacy standard. To that end, this week, Senator Jerry Moran (R-KS), Chairman of the Senate Commerce Subcommittee on Consumer Protection, introduced the Consumer Data Privacy and Security Act of 2020. The legislation, which is the latest in a series of Congressional proposals, looks to pre-empt the CCPA and bring data privacy protection and regulation to the federal level. The legislation would establish a federal data privacy and security standard, give consumers control over their data and requires notification of any breaches or incidents.
NMHC and NAA have long argued that any standard must be scalable, account for the scope and size of the business and the sensitivity of the data in question – and to its credit, the bill addresses this point.
To date, bipartisan agreement on privacy and security standards has eluded Congress. It is likely that this impasse will continue throughout 2020, making compliance with the CCPA and other emerging standards critical for multifamily firms of all sizes.
For more information on data privacy and security, please visit our advocacy page.