Data breach and cyber security have been the focus of high-profile Senate Committee hearings recently on Capitol Hill, including a hearing on March 26 on the breach of at least 40 million Target customers’ personal information during the holiday season last year. Another Committee hearing held on April 2 detailed how the private sector could protect consumer information and prevent cyber-attacks without congressional-involvement.
The Target breach has raised the profile of the issue. Specifically, the media covered the Target Senate Committee hearing extensively, as well as the Committee’s report detailing how the breach occurred - a report that suggests the company missed several opportunities to stop the attackers and prevent the breach.
Given the amount of personal information apartment firms collect, including social security numbers, driver’s license numbers, banking information and more as part of the leasing process, the issue is also a high priority for the industry.
Although there are no federal cybersecurity or data breach laws, 46 states and the District of Columbia have laws regulating how businesses, including apartment firms, must protect consumers’ personal information and notify people in the event of a data breach. Federal efforts are largely aimed at creating a national data breach standard to replace this patchwork of state laws. Information captured in a NMHC/NAA survey last year, indicates members are knowledgeable about and adhering to state law requirements and do not see an overwhelming need for a federal standard.
NMHC/NAA has provided six steps that apartment firms can take to help prevent data breach. With the advice of legal counsel, better data security plans can be created and help mitigate the risk of a breach, litigation, a damaged reputation and financial penalties related to data breaches.
We continue to follow this issue carefully, ensuring that any proposal or measure that advances in Congress is reasonable and does not impose overly burdensome compliance obligations on apartment firms. The outlook for future action is unclear at this time.
Date Posted: April 4, 2014
- Congress Presses Forward on Consumer Data Privacy
- Data Security Letter to Senate Committee on Banking, Housing and Urban Affairs
- Equifax, Marriott Take the Stand as More Senate Committees Join the Data Privacy and Security Debate
- Congress Looks to Add New Cyber Disclosure Rules for Companies
- Consumer Privacy and Data Security Issues Front-and-Center for Congress