Recently, the top Republican on the Senate Commerce Committee, Roger Wicker (R-TN) and Senator Marsha Blackburn (R-TN) introduced legislation to create a federal data security and privacy standard. Because of the complexity of multifamily firms complying with a growing patchwork of privacy standards across the country, NMHC has been actively calling for Congress to enact such a standard—as outlined to Congress in the industry letter that can be found here.
The reintroduction of the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act is set to bring new focus to the issue of data security and privacy at the federal level. To date, bipartisan agreement on privacy and security standards has eluded Congress and the COVID-19 pandemic shifted most efforts away from finding a path forward. It is likely that this legislation, and similar measures, will continue to face a tough political climate, leaving much of the legislative and regulatory activity at the state level where we have seen several emerging security and privacy standards modeled after the California Consumer Privacy Act (CCPA).
The SAFE DATA Act aims to provide consumers with more choice and control over their data and requires the business community to be more transparent and accountable for their data practices. The SAFE DATA Act would:
- allow consumers to access, correct, and delete their data;
- prohibit businesses from processing or transferring consumers’ sensitive data without their consent;
- require businesses to conduct privacy impact assessments of data processing activities that may present a heightened risk of harm to consumers;
- require businesses to secure consumers’ data and maintain internal controls and reporting structures to assess data privacy risks to consumers; and
- strengthen the Federal Trade Commission’s regulatory and enforcement authority in the areas of data security and privacy to better protect consumers.
NMHC continues to analyze the legislation and its impact on apartment owners and operators. While it is likely that the legislation will not be enacted this year, it is an important step towards a much-needed federal standard.
NMHC will continue to argue that any standard must be scalable, account for the scope and size of the business and the sensitivity of the data in question. In the absence of a federal standard, compliance with the CCPA and other emerging state standards remains critical for multifamily firms of all sizes. For more information on data privacy and security, including comprehensive industry guidance on how to navigate these emerging standards, please visit our advocacy page.