A new Congress is in full swing here in Washington and policy agendas are shaping up for 2011. In the technology area, a perennial hot issue is privacy and data security. I recently attended the Congressional Internet Caucus Advisory Committee’s “State of the Net” conference; an annual must stop on every tech policy wonk’s conference circuit.
Among the many issues examined was data privacy and the growing trend towards industry self -regulation. Recently, both the Federal Trade Commission and the Commerce Department issued reports encouraging industry to implement privacy self-regulatory programs.
Simply stated, self-regulation is a structure where the industry defines the privacy promises it makes to its customers then, once the promises are defined, a third party (usually a government regulator) steps in to enforce the promises. The theory is that the industry itself is best situated to create principles or promises for consumers that reflect the unique characteristics of a particular industry. Several industries have recently implemented privacy self-regulatory programs including the online advertising industry and the electronic retailing industry.
Why is Privacy an Issue for REALTORs?
NAR conducted a survey last year of member data collection practices and their awareness of privacy as a critical business issue. What we learned was that REALTORs collect a great deal of sensitive personal information from their clients but have an alarming low awareness of the need to implement privacy and data security practices. To help address this, NAR created a Data Privacy & Security Toolkit (you will need your NAR NRDS number to access) to help educate our members about this important topic. This no doubt is only a first step in a longer process to educate the industry on issues of data privacy and security.
Why Self-Regulation?
We think that it is just plain smart for the industry to come up with its own set of privacy practices that take into account the specific characteristics of the real estate industry before the FTC or Congress does it for us. For example, in real estate consideration must be given to the fact that most agents are independent contractors. Principles that take into account the broker agent relationship will suit the industry better than one- size- fits- all approach.
I’d like to hear what you think. Does it make sense for the real estate industry to develop best practices and a self-regulatory program around data privacy and security? If so, what special real estate industry characteristics need to be addressed?
Matthew Hardy
February 23, 2011 at 1:41 pm
Years ago when speaking to large groups of agents on the topic of CRM for real estate, I’d tell everyone to “embrace all things PDF” and after a moment of blank stares, I’d explain what that meant and how eventually, our industry would be digitized.
Having also written a great deal of medical software, including interfacing one of the largest hospitalist corporations in the country with the government for HIPPA compliance, data security is something near and dear.
Of course, while keeping patients medical history private for a time held primacy over other kinds of data, that was before the proliferation of web-based technologies offered to all industries. More and more, I’m hearing from agents that they’re being queried by their prospects and clients: what are you going to do with the data you collect on me?
Indeed, in some of those past speaking engagements, I’d predict that agents would someday be faced with a seller sliding an NDA across the table as a condition of entering into a listing agreement. Since, I’ve had agents tell me exactly that has happened to them.
One particularly successful agent (many hundreds of transactions per year) told me that “if my clients knew I was uploading all the private info I have on them to some website, I’d lose their business.” Of course, while many websites are getting better at protecting themselves from malicious attacks, that to me is not the real concern. To think that some of these websites are not leveraging the data collected from their Realtor-customers for their own advantage would be naive. I recognize that this is more of a data ownership issue than strictly a privacy issue, but for me, it goes to the heart of the matter: why have many bought this idea that they must relinquish privacy and control to gain software-based business functionality? The internet, designed as a marvelously decentralized system is being sold as the “browser” when it’s real power comes from the network itself. Whereas some see a future where “the internet” is only Google, Facebook, Apple et al reminiscent of CompuServe, Prodigy and AOL, I see the growth of highly private systems where users and business owners enjoy absolute control and leverage over the data they collect while benefitting from standards-based portability and interoperability with vendor systems. In short, highly decentralized data stores utilizing external logic offered by web-based vendors.
We do not have to give up the value of decentralization – and the inherent privacy offered – to leverage computing for our businesses. I know, I’ve been developing these system for years.
Benn Rosales
February 23, 2011 at 2:01 pm
I believe resources are best served via education and urging protections through the networks being leveraged via Congress. At the end of the day, the Realtor can only control what is digitally communicated via their own resources. Once within a network not owned by the Realtor, then the commonality of TOS relinquishes the Realtor of the networks relationship with the client. I’m not an attorney, but it stands to reason that by inserting the Realtor into that relationship (network to consumer) you do open that Realtor up to possible litigation.
Realtors should however have clear and cut guidelines as to what data must be stored and kept and protected. Realtors should reasonably understand the concepts of data acquisition and their responsibility (ie logging into a Realtor website via Facebook transfers user data to that Realtor if the site is approved by Facebook). There are so many other examples it’s scary, but I do know that data collection by IDX is a new reality as well.