"Identity theft is one of the fastest-growing crimes in the nation - especially in the suburbs," says Congresswoman Melissa Bean. The FTC receives over 250,000 reports of identity theft every year and USA Today reported that in 2007 an estimated 260 million records were stolen - that amounts to 8 records stolen every second of every day. One of the largest breaches to date occurred last year when TJ Maxx reported 45 million records stolen.
What are you doing Mr. Realtor® to prevent this from happening to you?
The critical important trend impacting everyone in real estate is the central focal point of trend #6 in the new 2008 edition of the Swanepoel TRENDS Report. According to the Report the protection of a customer's data has always been important, but it was largely taken for granted prior to the Internet. Most data prior to the Internet resided in paper format, was typically communicated through snail mail or delivery services and was kept in paper file folders. With the advent of computers and the Internet, data on any given real estate transaction is now stored in multiple databases and computers, transaction management systems, Internet websites as well as paper files.
"The main concerns for real estate brokers, agents and franchises are how to protect the data and information we are the custodians," says Swanepoel. "The responsibilities and legal exposure that real estate professionals have is much larger than they think " he cautions. With an ongoing push to have more real estate data online, that challenge increases and the problem becomes more complicated.
The 2008 Swanepoel TRENDS Report recommends that the key to success and minimizing exposure for real estate brokers and agents will come from evaluating, implementing and constant monitoring their systems. One seven point plan that they recommends comes from the Association of Certified Fraud Examiners. Below an extract from the Report:
1. Only hold personal data you need. Nonessential data can be a liability rather than an asset. Do you really need customers' Social Security numbers? Do you have to store their credit card numbers forever? Avoid gathering nonessential personal data, archive it after use rather than storing it in readily accessible customer master files, and discard or archive data for inactive accounts.
2. Keep personal data secure. Store data securely, preferably in encrypted form. Avoid storing personal data on laptops, PDAs and other mobile devices. Limit access to only those who need it. Have a full audit trail of who accesses each record. Restrict large-scale downloads and monitor employees for unusual access volume or timing. Ensure good physical as well as information systems security over personal data. Consider the security aspects of how you transmit personal data to customers and employees. Sending thousands of letters or e-mails with such data is asking for trouble, as they may be intercepted.
3. Do what you say you'll do. Only promise employees and customers a level of personal data security that you can deliver. Whatever you promise, ensure you adhere to it.
4. Make security a priority with your employees. Background checks are essential on all employees who will have access to personal information. This will not guarantee that you will be protected from employee theft -- studies show that employees who commit white-collar crime tend to be first-time offenders -- but it will help protect you from predatory employees.
5. Don't forget your vendors. If you use vendors to handle, process or store personal data, ensure that their data security measures at least equal yours. Require those vendors to sign nondisclosure agreements to protect that data. Insist on periodic security audits and vulnerability assessments to make sure your data is being securely handled.
6. Test your plan. Once you've put in place appropriate measures, have internal auditors or independent data security experts test them periodically, looking for holes. Its better that you find them before someone else does.
7. Plan for the worst. No matter how good your information security system is, there is always the potential for a breach. If a worst-case scenario occurs, be ready to deal with it quickly. Have a written response plan in place to deal with data recovery, customer notification, public relations, and legal issues.
Comments(12)