Revelations about Yahoo’s 500 million account data breach have sparked renewed interest in data security and breach notification standards on Capitol Hill recently with some reports that the company knew of the incident as early as 2014. It’s one of the largest breaches in history and could force Congress to act on the issue and try anew at finding a path forward on enacting a nationwide data breach notification standard. NMHC and NAA have been following cyber policy and regulatory developments carefully because of the highly sensitive personally identifiable information that firms and their service providers collect. This information is valuable to data thieves and those wishing to do harm to a company’s reputation or financial standing.
At a Senate committee hearing on the oversight of the Federal Trade Commission (FTC) both the issue, and potential legislation on data security and notification, was discussed. While questions were raised about enforcement authority, it was notable that FTC Chairwoman Ramirez endorsed efforts to require businesses to notify affected consumers within 30-60 days.
Several other notable members of the House and Senate joined in urging action on data breach legislation, which could impact the operations of multifamily companies, pointing to the lack of a clear national standard as a big problem for consumers. Despite the absence of a federal data security standard, we are seeing an increasing amount of enforcement actions by federal regulators. Additionally, data security is being enforced with varying levels of consumer protection and security protocols in 47 states and the District of Columbia.
NMHC/NAA have been engaged with federal policymakers to advocate for a regulatory and compliance landscape that protects consumers while not overly burdening apartment companies. We will continue to follow enforcement actions and their regulatory implications. In addition, we recommend that apartment firms put in place strong defenses to protect their company networks, data and, ultimately, reputations.
More information on data security, including an NMHC/NAA white paper that details best practices, can be found at www.nmhc.org/data-security.