Apartment firms that collect personal information on California residents must prepare themselves for the California Consumer Privacy Act (CCPA). While not scheduled to take effect until January 1, 2020, the CCPA represents one of the most sweeping proposals aimed at protecting consumer privacy.
Similar to provisions included in the European Union’s General Data Protection Regulation (GDPR), the CCPA imposes strict requirements on firms that collect personal information about California residents. Specifically, CCPA includes a broad definition of what constitutes personal information and provides consumers the right to know what personal information is being collected or sold, the right to opt out of sale of their data and the right to ask that their information be deleted.
Details of how CCPA will be implemented and enforced are still being ironed out. The California legislature has been working on legislative fixes to address some aspects of CCPA and has until September 19, 2019, to act on any of the fourteen bills under consideration. Once the legislative process is complete, the California Attorney General will not be able to take enforcement actions until they publish final regulations by a July 1, 2020, deadline.
The current lack of clarity on the specifics of CCPA are creating a compliance challenge for firms that do business with California residents. Additionally, while CCPA is currently the most stringent state privacy law, other states are evaluating data privacy laws and Congress is taking a hard look at the need for a federal data privacy law. Given the cost of non-compliance and the time it takes to modify privacy practices and operations, apartment firms and suppliers must review and implement changes to current consumer privacy practices.
As more focus shifts to data privacy compliance, apartment firms have their work cut out for them to avoid costly pitfalls. In response to the implementation of the various data privacy compliance laws and regulations, NMHC is developing a white paper on how apartment firms can best comply with a complex regulatory landscape on consumer data privacy issues. NMHC members can look for more details regarding the release and rollout of this white paper in the coming months.
NMHC and NAA will continue to monitor CCPA implementation and its possible impact on apartment firms. We also continue efforts to advocate for a federal data privacy law that preempts state privacy law and takes into consideration the scale and scope of data being collected. NMHC and NAA have submitted comments to congressional committees outlining the industry’s support for a national data security, privacy and breach notification standard that recognizes the unique nature and needs of the rental housing industry while ensuring the data that our members collect, use and maintain is protected.
For in-depth coverage of data privacy, we invite you to attend the NMHC OPTECH Conference and Exposition on November 11-13, 2019 in Dallas, Texas. Register here. NMHC and NAA also provide a variety of resources to help secure a firms’ data and bolster its overall cybersecurity posture that can be found at www.nmhc.org/data-security. Example resources include an industry white paper/guidance document on cybersecurity best practices, and valuable cybersecurity resources from the FTC.
Additionally, NMHC works with the Real Estate Information Sharing and Analysis Center (RE-ISAC) to distribute regular email alerts of malicious cyber activity that could impact multifamily firms, their data or residents. NMHC members can sign up for the cybersecurity notification system to learn of real-time cyber threats and trends.