NMHC/NAA continue to support efforts to create a national data security standard as the massive Equifax breach has galvanized Congress and the Administration to put into place data security requirements to protect consumer data. There is bipartisan agreement that more needs to be done to protect consumer data. Past efforts have been stymied due to disagreement about data security requirements and liability, but momentum to find a compromise has grown based on the magnitude of the Equifax breach.
Subcommittees of House Financial Service Committee and House Energy and Commerce Committee held hearings this week to explore the Equifax breach, data security vulnerabilities and gaps in current federal and state regulations. The New Democrat Coalition, a group of moderate House Democrats, also unveiled a comprehensive cybersecurity plan to leverage public-private partnerships. It is likely that legislation such as the bill passed by the House Financial Services Committee in late 2015 or the bipartisan compromise package reported on previously could gain traction in this political climate.
The Senate will continue to pursue solutions later this month, as current and former CEOs of Equifax and former Yahoo CEO Marissa Mayer will testify before the Senate Commerce Committee on cybersecurity breaches.
Currently, NMHC/NAA member companies must comply with a patchwork of 48 different state laws that address data security and privacy. While NMHC/NAA strongly support efforts to safeguard a consumer’s personal information, NMHC/NAA continue to express concerns about any legislation that imposes overly burdensome requirements on businesses without regard to their scope and size. NMHC/NAA have expressed our concerns to Congress about the nature of mandatory security standards, disclosure thresholds, the notification process and liability. NMHC/NAA continue to work to ensure that any proposal that moves forward recognizes the unique nature and needs of the multifamily industry while ensuring the data our members use is secure.
NMHC/NAA provides a variety of resources on data security, including a white paper with best practices, at www.nmhc.org/data-security. Additionally, NMHC, works with the Real Estate Information Sharing and Analysis Center (RE-ISAC), distributes regular email alerts of cyber activity that could impact member firms, data or residents. NMHC members can sign up for a newly launched cybersecurity notification system which aims to inform members of real-time cyber threats.