Congress continues to focus on protecting consumer privacy in the wake of revelations about high-profile data security and privacy breaches. There is a clear sense of urgency for action on the Hill as House and Senate committees hold high-profile hearings as part of a bipartisan effort to create a federal data privacy law. NMHC and NAA are highly engaged because we support a standard that is scalable and accounts for the scope and size of the business in question that replaces the patchwork of state laws that exist today.
The Subcommittee on Consumer Protection and Commerce of the House Energy and Commerce Committee recently held a hearing with all five Federal Trade Commission (FTC) commissioners. The hearing focused primarily on data privacy and security. There was bipartisan support for clear and transparent data privacy policies that would allow consumers to make informed decisions about how and when their data is shared. Members spoke in broad terms about what a data privacy law would look like and avoided serious debate about some of the thornier topics such as FTC rulemaking authority, federal preemption and possible compliance burdens.
The Senate Committee on Banking, Housing and Urban Affairs also held a hearing to explore privacy regulations and data collection recently. The Committee focused on the impact of the Facebook privacy violations and how social media companies are collecting, using and selling consumer data. Members debated the merits of California’s new privacy standard, the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). In addition to the conversation about data privacy, there were references to the need for data security standards as highlighted by the massive Equifax breach.
The Senate Judiciary Committee also held a recent hearing on privacy, focusing on how a federal data privacy law would impact digital advertising and competition. This speaks to the difficult balance between protecting consumer data and encouraging innovation in a manner that allows smaller firms to compete in the digital economy. This conversation reflects the continued focus on the need for a federal privacy law and the impact of GDPR and CCPA on American businesses. It also highlights the broad bipartisan interest in both chambers to act.
NMHC and NAA submitted comments to the Committees outlining the industry’s support for a national data security and breach notification standard that recognizes the unique nature and needs of the rental housing industry while ensuring the data that our members collect, use and maintain is protected.
NMHC and NAA provide a variety of resources to help secure a firms’ data and bolster its overall cybersecurity posture. These resources can be found at www.nmhc.org/data-security. Example resources include an industry white paper/guidance document on cybersecurity best practices, and valuable cybersecurity resources from the FTC.
Additionally, NMHC works with the Real Estate Information Sharing and Analysis Center (RE-ISAC) to distribute regular email alerts of malicious cyber activity that could impact multifamily firms, their data or residents. NMHC members can sign up for the cybersecurity notification system to learn of real-time cyber threats and trends.