Multi Housing News April 2012 : Page 42
OPINION perspective The Dangers of Data Breach Apartment companies face challenges in keeping personal information safe By Jeanne McGlynn Delgado and Amy Jo Beranek, NMHC easier and more effi cient. In 2011 alone, there were 558 reported U.S. data breaches resulting in the dis-closure of personal information for more than 126 million people. As instances of data breach have skyrocketed, so have the costs; the Privacy Rights Clearing House estimates that data breach last year cost companies roughly $7.2 million per incident. Nightmare scenarios look similar to Sony’s mas-sive breach of its online video game network in 2011. That single breach led to the theft of names, S Breach Bills in the Works While there are a number of privacy and cybersecurity proposals circulating in Congress, the fol-lowing appear to be gaining the most traction. Though different in scope, the fi rst two bills create a national standard for data privacy protection and data breach notifi cation. A third bipartisan proposal focuses on protecting the nation’s critical infrastructure and offers a potential platform for future data privacy and breach notification amendments. The “SAFE Data Act” (H.R. 2577) introduced by Representative Mary Bono Mack (R-Calif.) The “Personal Data Privacy and Security Act” (S. 1151) introduced by Senator Patrick Leahy (D-Vt.) The “Cybersecurity Act of 2012” (S. 2105) introduced by Senator Joe Lieberman (I-Ct.) addresses and credit card information of more than 100 million users and cost the company more than $171 million in damages. These frightening statis-tics led to 2011 being dubbed the “Year of the Data Breach.” However, increasingly smaller business operators are fi nding themselves facing similar is-sues, albeit on a more limited scale, as hackers and unscrupulous employees exploit weaknesses in their data and privacy systems. Apartment owners and managers are particu-larly vulnerable to data breaches and the ensuing liabilities. They collect, use and maintain heaps of personal information through both renter and employee application processes, as well as other op-erational functions. Personal information typically 42 April 2012 | Multi-Housing News enhances productivity. However, the portability of a tablet, laptop or smartphone, also increases the chances of a device—and its contents—being lost or stolen. Third-party payment processing systems repre-sent another example of technology changes. They enable residents to pay their rent online, reducing a management company’s administrative costs while adding convenience for residents. However, they are also a potential additional point of exposure for information theft, that is unless protective mea-sures are in place. Social media also poses some threats for data breach. Property managers use social media as a re-cruiting tool for prospective residents and employ-ince 2005, data breaches have more than tripled as advances in technology have made the collection and sharing of information includes the subject’s name, address, social security number and driver’s license number, as well as ad-ditional information found in leases, financial re-cords, insurance records and other documentation. The apartment industry has not only shifted from storing these records as hard paper copies to web-based, digital documents, but the technology they are utilizing to do so is also changing. For example, more companies are providing leasing and other on-site staff with tablet computers. When com-bined with the benefi ts of mobile applications and cloud computing, tablets are not only trendy and appealing but also an effi cient business tool that ees, as well as a means of building a sense of com-munity for current residents. In doing so, they also create a public platform for hackers to access when trying to steal data through malware. Moreover, the fact that employees are using company computers and devices to access their personal social media ac-counts places employers at greater risk of a hacker’s malware being downloaded. The increased reliance on technology and its always-advancing nature has led many to think of data breaches strictly in terms of external cyber attacks. Yet human error and negligence remain the largest cause of breached data. A simple blun-der like forgetting to lock a fi le cabinet or leaving a thumb drive on a desk can be all it takes to put personal information into the wrong hands. That is why having a quality data-security program in place to both prevent data theft and identify steps to ad-dress potential data breaches is critical. To date, at least 46 states and the District of Columbia have state data breach laws mandating certain security and disclosure requirements. The 112th Congress is currently addressing at least 20 pieces of legislation related to these threats. De-spite bipartisan agreement that privacy legislation is needed, there is a lack of consensus over the specifi cs of such a bill—the scope of personally identifiable information, the definition of a breach, the timeframe for notifying the consumer about a breach, among other considerations—causing the proposals to stall. NMHC/NAA continue to follow the various proposals to ensure any measure that advances includes reasonable protections and disclosure re-quirements and does not impose overly burdensome compliance obligations on apartment firms. MHN Jeanne McGlynn Delgado is the National Multi Housing Council’s vice president of business operations and risk management policy. Amy Jo Beranek is a legislative analyst with NMHC.
Using a screen reader? Click Here