Apartment firms must pay increasing attention to the legal landscape surrounding data privacy and ensuring that they are compliant with existing and future laws. A new NMHC white paper, "Data Privacy and Protection: Practical Considerations for Apartment Firms," is an essential tool to support your firm’s efforts.
NMHC’s white paper provides a framework for developing strong data privacy practices that support apartment firms’ efforts to comply with existing and evolving data privacy laws and standards, regardless of jurisdiction. Of course, apartment firms will need to work with internal legal and technology teams to ensure compliance with each law. But the paper highlights commonalities and trends in the space and identifies ways to bolster consumer privacy protections across the board in an effort to stay ahead of the curve and ahead of coming regulations. Specifically, the paper identifies and defines the common themes seen across current laws and proposed legislation and suggests high-level practical considerations companies should consider as they analyze whether emerging privacy requirements apply to their business practices and offers guidance on how to address each one.
The introduction of the European Union’s (EU) new privacy regime—the General Data Protection Regulation (GDPR)—in May 2018 initiated a marked shift in the global privacy standard. Soon thereafter, in June 2018, California enacted a landmark privacy law, the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. The CCPA directly impacts operations of businesses servicing California consumers and has also overhauled the U.S. approach to privacy regulation and created momentum for other U.S. states, and potentially the U.S. Congress, to introduce sweeping new privacy requirements.
At their core, these new privacy laws inform—and in effect govern—how organizations collect and process data about individuals. Since apartment firms often collect, use and maintain vast amounts of information about residents, prospective residents and employees, evaluating the scope and potential impact of the constantly evolving privacy and security regulatory landscape is critical to maintaining successful business operations free from regulatory or consumer backlash. Relatedly, the industry’s use of and reliance on smart home technology likely will create additional complexities and challenges in managing and implementing information governance programs.
The impact of these new standards on U.S. businesses is important for three key reasons. First, many of the new regimes are intended to be industry agnostic. This means that traditional exceptions or carve outs for certain industries may not be available, and sector-specific considerations may not be taken into account in the development of new requirements.
Second, legislators and regulators are imposing privacy requirements beyond jurisdictional borders. The laws seek to regulate businesses processing information on their constituents, regardless of the physical location of the company. This means that businesses that collect information on individuals located in multiple jurisdictions can be subject to numerous laws, often with differing, and potentially conflicting, requirements that can create implementation and compliance challenges.
Finally, and perhaps most importantly, emerging privacy laws have increased companies’ liability and risk exposure with respect to the storage and processing of individuals’ data. Again, this NMHC white paper provides an overview of the emerging data privacy regulatory landscape, highlights potential associated challenges and offers practical considerations to help apartment firms navigate the complexities of the rapidly evolving frameworks.