Connect with us


The $100K Email




 I’m not a lawyer, and I don’t play one on AG.

That said, while at GE I was pummeled with information security policies.  Non compliance was not an option and even the tiniest of infraction, even assumed, was taken seriously.  If, for example, during the nightly after-hours security inspection, a Post it was on a desk (or under a keyboard, mouse pad, phone, etc.) or in the trash with something resembling a password, it was reported, escalated and the offender counseled.  No matter that there was no indication what the alleged password may be to – information security was a top priority.  All documents were to be locked up or shredded before leaving for the day.

I appreciated that.  As a victim of identity theft years ago I have experienced the pain and hassle of clearing it up.  Now, with current economic woes, I think we will see instances of identity theft escalate.  What better place to shop for a top notch identity than among home buyers.

Are you protecting your client’s identity?   

You’re probably aware of the Gramm-Leach-Bliley Act (GLB) formally known as the Financial Modernization Act of 1999.  I’ve read numerous opinions on how exactly it applies to Realtors® and agents, and I’m not an expert in that area.  That said, here are some basic provisions regarding protecting a customers’ non-public information in a GLB compliant manner.

In a nutshell GLB is aimed at financial institutions and is enforced by eight separate federal agencies and the states. GLB provides for a fairly broad interpretation of the phrase “financial institution” and not only affects banks, insurance companies, and security firms, but also brokers, lenders, tax preparers, and real estate settlement companies, among others.

A few things to know:

  • Data should be encrypted in storage and in transit.
  • Both non-public & public information must be protected.
  • Compliance is not limited to IT.
  • Annual privacy policy information should include more than a Web page.
  • Businesses must keep tabs on third-party providers.
  • Data you don’t need should be destroyed.

Financial institutions are responsible for:

  • Insuring the security and confidentiality of customer records and information.
  • Protecting against any anticipated threats or hazards to the security or integrity of all records.
  • Protect all information against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

The following is considered personal information (in paper or electronic form – list non-exhaustive):

  • Names
  • Addresses
  • Phone numbers
  • Bank and credit card account numbers
  • Income and credit histories
  • Social Security Numbers
  • Phone numbers
  • Other financial and tax information

Data in motion

Data should be encrypted in storage and in transit.  “In transit” means email and instant messaging.  Both are easy ways for confidential information to leave the organization in an unsecured manner.  If a customer experiences identity theft, you could be at risk if you (or anyone involved in the transaction on your behalf) are sending non-public personal information in an email, or as an attachment to an email. 

Penalties for Non-Compliance

Violation of GLBA may result in a civil action brought by the U.S. Attorney General. The penalties include those for the company of up to $100,000 for each violation. In addition, “the officers and directors of the financial institution shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation”. Criminal penalties may include up to 5 years in prison.

How will they know?

If a customer experiences or suspects identity theft and retains a lawyer in to find the responsible party, the lawyer will typically hire forensic computer experts who comb through huge volumes of e-mails looking for a smoking gun, in the form of certain words and phrases.  They can find it, even if you’ve deleted it.

Consult an expert

Take a walk around your office after most people have left.  If you see files on desks, that’s a sign a check-up is in order.  An information security consultant or expert should be able to review your processes and systems to ensure information security.

What are you doing to ensure your clients’ identities remain safe under your watch?

Brandie is an unapologetically candid marketing professional who was recently mentioned on BusinessWeek as a Top Young Female Entrepreneur. She recently co-founded consulting firm MarketingTBD. She's held senior level positions with GE and Fidelity, as well as with entrepreneurial start-ups. Raised by a real estate Broker, Brandie is passionate about real estate and is an avid investor. Follow her on Twitter.

Continue Reading


  1. Matthew Hardy

    June 4, 2009 at 12:24 pm

    Excellent post. I used to write medical software for universities, hospitals and corporations and when HIPAA came along things needed to be screwed down pretty tightly.

    In my earlier years in the real estate software business, I predicted that one day sellers would slide an NDA (non-disclosure agreement) across the table during a listing appointment requiring that the agent not store important private information on a website. In one of my recent talks before a group of agents, a woman said exactly that scenario happened to her recently. Consumers are indeed getting more attuned to data privacy issues.

  2. Joe Loomer

    June 5, 2009 at 12:23 pm

    Awesome Brandie. In my past life as a Navy Cryptologist, procedures for handling and storage of any classified materials – or the ubiquitous “Official Use Only” stuff – was a constantly monitored, drilled, and re-drilled affair. There where instructions, regulations, directives, posted orders, posters, you name it. “Loose Lips Sink Ships” and all that. The rationale had nothing and everything to do with identity protection, but the premise is the same.

    Thanks for this awesome refresher for those of us who need to take another look around the office and our other data storage mechanisms.

    Navy Chief, Navy Pride

  3. Ken Montville - The MD Suburbs of DC

    June 5, 2009 at 12:34 pm

    I suspect that if you mention a particular color is purple and it is later determined to be lavender, fuchsia or mauve you can be sued. Some of the lengths we are required to go to in order to facilitate the smooth and orderly transfer of real estate from seller to buyer are mind boggling.

    I’m not going to invest in super secret double dog dare Get Smart Cone of Silence technology with a bullet proof titanium briefcase hand cuffed to my wrist while being accompanied by two burly escorts just to get a contract and all the appropriate addenda from point A to point B.

    I’ve just now reached the point where I can send offers and documentation to an individual agent (vs the office fax for the world to see) and receive documents into my individual e-mail (vs getting lost at the office fax machine).

    Yeah. It’s important to be careful and respectful or people’s information. The scenario you lay out is just plain crazy. The world has gone nuts.

  4. Brandie Young

    June 5, 2009 at 5:18 pm

    Hi Matthew – thanks for your comment. That’s interesting … bringing an NDA to the table. It’s good consumers are aware!

    Hey Joe – good to hear from you! Yep, same premise …

    Hi Ken – yep, we do live in a litigious society. I hear you on “over-buying” technology – but that’s not at all necessary. Secure servers for data storage should be a part of your business practice, as should proper document disposal (shredding). FYI, sending docs over email …. EEEEEK (as Ginny Cain would say). That’s not secure – and you could face some steep fines if it’s determined that as a result of such an email a person’s confidential info was compromised. The fax is (in transmission, the part about “all the office to see” is another animal). I don’t know … I’d rather work with the guys that go over the top to protect my identity that worry about it.

  5. Matthew Hardy

    June 5, 2009 at 6:56 pm

    @ Brandie “sending docs over email”

    (…trying my best to stay within good guidelines…)

    Documents from our software REST can be output as PDF and password protected. A password can be required to open the PDF and/or to print, edit or copy text and images.

  6. Atlanta Real Estate

    October 2, 2009 at 3:54 pm


    Going back and reading interesting posts here. Very interesting post and very true information.

    When I was selling EDA Software, a ot of it was into Defense Contractors. Same level of security with those guys. Just getting in and out of the building was a major chore.

    Anyway, good post,

    Rob in Atlanta

Leave a Reply

Your email address will not be published.


The problem with a self-policing industry: you have to be a narc

Ethics violations in the real estate industry can make or break a Realtor’s career, depending on the severity, so it would stand to reason that all would be mindful of the rules, but there are always individuals in the field that act as if the Code of Ethics is irrelevant.



An animated discussion on ethics training

“Does anyone else find it ironic that NAR – the trade association for Realtors – has to mandate that members take an ethics class every four years?” An agent who attended one of my company’s broker opens yesterday posed that question to the wine and cheese grazing attendees. Of course, that opened up an animated discussion on the value of etchics training and the lack of enforcement when the rules are violated.

One agent volunteered that the guy sitting next to her in her last ethics class played games on his cell phone and then cheated during the test at the end of the class. Seriously, dude? You cannot even pay attention long enough to pass what should be the easiest test you’ll ever have to take in your career? Perhaps he was just seeing how far he could push it by cheating during an ethics test, to see if anyone else around him caught the extreme irony there. None of the other agents around him – including the agent he cheated off – turned him in and the instructor didn’t notice.

This same agent later called one of my sellers and tried to convince him to break a listing contract with me, because he had a “guaranteed buyer” in the wings. The seller was an attorney, and this bozo tried to get me cut out of the deal, offering the seller a reduced fee to dump me. The seller held firm and directed the agent to call me, then the seller called to let me know about the conversation.

“But you know if you file something the other agent will know.”

It gets better. After the deal closed, I requested paperwork from our local Board of Realtors to file an ethics complaint. The person in charge said, “But you know if you file something the other agent will know.” Gee. Really? I asked her to send the paperwork over anyway.

I called the seller/attorney and asked him to repeat the conversation to me, because I was documenting it to file a complaint. He turned wishy washy on me at that point and his story changed from “The other agent tried to get me to dump you as the listing agent to cut you out” to “Well he really only asked a few questions and I told him to call you. He probably didn’t mean any harm by it.” So there goes my star witness, who doesn’t want to rock the boat.

I didn’t file the complaint. I resorted to the “turn the blind eye but never trust the sleazeball again” path. And that is what happens to almost all ethics issues I hear about / see in person.

That’s what happens when you have a self-policing group of “professionals” who would rather not “narc” on a fellow agent. After all you’re probably going to end up on the other side of a deal from this guy some day, right? The guy in my example has sold two of my houses since that run-in. Why tick him off by filing a complaint and going through all that hassle? If he stops bringing buyers to my properties then my sellers ultimately lose, right?

Boiling down the CoE

The NAR Code of Ethics takes up pages and pages of tiny print, and it runs each year in their trade magazine (I think it’s the January issue). Does anybody read that? Probably not many. I’d argue none of us ever should have to read it again. Simply follow this advice instead. The thousands of words in the Code boil down to one thing: Do unto other agents, and consumers, and clients, what you would have them do unto you. It’s the Golden Rule. Simple. Well, obviously not, for many agents and brokers.

The sad part is the agent in my example had no clue how close I was to filing that compaint, and if he did know he’d probably scratch his head and wonder why his actions were “wrong.” Making us take a one-day class every few years won’t “make” the unethical agents suddenly operate ethically. Most of them just don’t get it.

Continue Reading


Ethics hearings in private a disservice to consumers?



Fight Club and real estate

For those of you that saw the movie ‘Fight Club’ you’ll remember that Rule #1 is “You do not talk about fight club,” followed closely by Rule #2, “You DO NOT talk about fight club.” Which, believe it or not, brings me to today’s topic: The Real Estate Code of Ethics and Arbitration. Article 17 obligates Realtors to resolve fights disputes with another Realtor through arbitration (not litigation). Arbitration is conducted at the local board level, and I am not aware of a local board that doesn’t require arbitration to be confidential.

I respect that public internecine warfare amongst Realtors isn’t in the interest of our industry, and doesn’t belong in the public spotlight. I’m not here to advocate the collective airing of our dirty laundry. That said, I wonder if our collective agreement to keep our concerns confidential can inadvertently harm the consumer and ultimately makes all of us look a little shoddier?

To find the first arbitration guidelines created by NAR and distributed as a set of suggested rules for boards to follow, we have to travel all the way back in time to 1929. NAR’s first Code of Ethics & Arbitration Manual wasn’t created until 1973, and it credited a 1965 California Association of Realtors version as its model.

Appalling conduct

I can think of two instances in the past year where I was so appalled by the conduct of a fellow Realtor that I went to the trouble to inquire about how to lodge a Code of Ethics complaint with my local board. After weighing the time required to make a competent complaint and comparing it with the best case outcome (a closed-to-the-public hearing in which they were found to have violated the code of ethics), I decided not to pursue a complaint in both cases. My association’s bylaws (and probably yours) give it the power to discipline any member based on the results of a Code of Ethics hearing, “provided that the discipline imposed is consistent with the discipline authorized by the Professional Standards Committee of the National Association of REALTORS® as set forth in the Code of Ethics and Arbitration Manual of the National Association.”

“Sanctioning Guidelines” – (Appendix VII of Part 4 of the 2011 manual for the very curious), guides member boards to impose disciplinary consequences that are progressive and fair, taking all considerations into account. Sample first-time disciplinary actions include suggestions of a letter of warning, a fine (amounts range from $200 to $5,000 depending on the severity of the violation), and attendance at relevant education sessions. Not to sound defeatist, but a confidential letter of warning and a fine of around $200 doesn’t seem like an outcome worth investing much of my time in.

Practicing in the internet era

Given that we live and work in the internet era, and review sites like Yelp abound, it seems a bit odd to me that a local board might know of an agent with problem behavior that is documented yet choose to make that information unavailable to consumers. My understanding is that the results of a code of ethics hearing are confidential with disclosure authorized in a few situations, none of which deal with informing the public.

Many of my fellow colleagues feel that the best response to a bad agent is to be patient and give them enough time to work themselves out of business. I can respect and understand their hands-off approach. But what about the damage that individual does to our industry as a whole? While we whisper, warn in confidence and know amongst ourselves how awful they are, the public doesn’t get the benefit of our perspective. Deprived of it, they turn to consumer review sites like Yelp.

How do you think we, as an industry, can help consumers in their quest to find a trustworthy agent?

Continue Reading


Realtors, we really need to get over ourselves already



A letter from the child of a Realtor.

Real estate now vs. 1987

In Real Estate, some things are always changing, like financing, education, laws, rules and technology. The two that will always remain constant, as long as they are within the law, are following our clients’ directions, and working with their best interests in mind.  I’m not sure we always follow through with this, though.

Some of us knowingly take over priced listings.  Some of us take listings that are out of our area of expertise.  Some of us won’t show short sales or REOs.  Some of us won’t show homes with low co-op splits.  Some of us don’t have Supra/e-Keys, and miss out on those listings entirely.

Putting our interests first

When these things occur we are putting our own interests first, not our clients’.  We may think that by having as many listings as possible is a good thing, that’s what we’re taught after all, isn’t it?  It may not matter that some are overpriced, eventually, whether one month or four months down the line, the price will be reduced.  It’s just a matter of time and money, for our clients, after all.  The same can be said when we take listings outside our area of expertise, just to add on to our inventory.  If we don’t know what we’re doing, on a short sale listing, for example, it will only cost our clients a lot of time and money.  A lot.

By eliminating certain houses our clients see, that may already fit their criteria, we’re taking away their choices.  Distressed sales account for close to 40% of the market.  This is probably higher in some local markets.  There is no legitimate way to ignore roughly 1/3 of the homes being sold.  Co-op fees are often a touchy subject, especially when they are, not “enough.”  If everyone utilized a Buyer Broker Agreement that stipulated what their fee was, the issue would take care of itself.  Not being able to access listings with the use of Supra/e-Keys is a choice.   Choosing not purchase one will mean agents will not be able to access Fannie Mae (and eventually, probably additional Gov REO homes) along with the listings that are already using them.

Our priorities versus theirs

We totally need to get over ourselves already.  We are not bigger than our clients.  Our priorities are not more important than theirs when it comes to the actual listing and selling of homes.

Recently, my awesome parents dug through a few boxes and rounded up one of my first art projects. About 25 years ago I did the poster featured above about my Mom, and her Real Estate career.  It was for an Open House (no pun, honest!!!) for the elementary school where I attended first grade.  It was just, what she did according to me way back then.  Things are way more complicated now, than when I was six.  There’s a heck of a lot more paperwork for one.  But the same basic principle still applies.

Continue Reading

Our Great Partners

American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!