Consumer data privacy continues to be front and center for the apartment industry as firms prepare to comply with the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. Even firms and service providers without a physical presence in California are evaluating their need to comply given the broad scope of the law. Protecting the privacy and security of resident data has long been a top priority of apartment firms and service providers, but compliance with the new law promises to be challenging. This is particularly true in light of a lack of clarity about how the CCPA will be enforced by the California Attorney General. Given the potential impact of CCPA on apartment firms and service providers, NMHC recently filed comments with the Attorney General on the industry’s behalf.
While the industry has questions about many aspects of CCPA, the California Attorney General released a Notice of Proposed Rulemaking Action that includes specific Proposed CCPA Regulations. NMHC filed comments highlighting the unique complexities of compliance for the industry and noting the unintended new risks that CCPA created on the privacy and security of consumer data. NMHC believes that those challenges can be addressed through clarifications and amendments to the Proposed Regulations.
Providing extensive detail how Proposed Regulations would impact the industry, NMHC’s comments focused on:
- Requests to Know and Requests to Delete including methods for submitting requests; the timeline for responding to requests to know and to delete; responding to requests to know; and responding to request to delete.
- Requests to access or delete household information including aggregate household information and joint household request.
- Minimizing additional transmissions of personal information to mitigate privacy and security risks to consumers.
- Clarification and guidance on what would constitute a “sale” of personal information and requests exception to deletion request related to “internal uses”.
NMHC thanks members for the significant guidance and feedback provided during the comment process. The conversation at NMHC’s recent Data Privacy Standards and Compliance Summit provided an opportunity for apartment owners and managers to engage with policy and legal experts and suppliers on the front lines of industry compliance while also informing NMHC’s comments. Several industry leaders also provided content and perspective that helped to build out the comments that were filed with the California Attorney General.
CCPA continues to evolve through last-minute fixes that were signed into the privacy law by California Governor Newsom. Now California’s Attorney General must respond to all comments received on the Proposed Regulations. Despite the continued questions about CCPA, apartment firms will have to comply with CCPA as of January 1, 2020. NMHC will continue to engage on data privacy as the California Attorney General releases final regulations and CCPA enforcement begins. NMHC is actively supporting a federal privacy standard so that apartment firms do not have to comply with a patchwork of state data privacy and security laws. We will also continue to provide resources such as a recently released a white paper, "Data Privacy and Protection: Practical Considerations for Apartment Firms." The paper examines the state of the rapidly evolving data protection and privacy regulatory landscape and identifies 14 steps firms should take in response to it.
- California Privacy Law Enforcement Nears
- Updated CISA Guidance Provides Clarity to Essential Workers Definition
- COVID-19 Outbreak Underscores Need for Strong Residential Connectivity
- NMHC and NAA Letter to the Cyber and Infrastructure Security Agency
- California Releases New CCPA Compliance Guidance – Senator Moran introduces Federal Privacy Standard Legislation