Not as obvious as you’d think
Realtors, do you know the full risks of hosting sensitive client documents on popular cloud hosting sites like Dropbox? This is not an article meant to freak you out, rather point out some issues that are not well known by most people and no, we’re not talking about hackers.
No, the public doesn’t see documents you post on Dropbox and they’re not stored on a hacked server, but it has recently come to light that employees at Dropbox and other file hosting services do have access to all of your files. Upload a loan app in a private session and no one sees it but you, your client and… potentially Dropbox employees.
Recently, Dropbox revised their proclamation of how secure their data is which has resulted in a lawsuit claiming Dropbox misled customers about its encryption process and privacy policy. Dropbox once claimed they encrypted all files and no employees could access files but their newly revised privacy policy notes otherwise.
A phone call you might want to make…
We do not believe anything sinister has or will occur, but you should remember that when you’re uploading items to the cloud, it’s not just your eyes and your client’s eyes- do you trust cloud server employees with your client’s social security number?
Maybe some documents should be kept in a fully encrypted environment and if you’re not sure if the services you’re using to share or obtain signatures are fully encrypted so that not even employees of the service can see, you should probably call them directly and ask.
Wayne Harriman
May 19, 2011 at 7:05 am
Good to know, even if nothing does happen. Is this issue the same at other cloud based document hosting services, such as Box.net or Google Docs?
Lani Rosales
May 23, 2011 at 12:54 pm
I can't say first hand as I have not reviewed the contracts, but I don't *believe* so.
Tina Merritt
May 19, 2011 at 9:37 am
IMO, it's not necessary to have our client's SSN on anything with regard to their real estate contract forms. If I see it, I black it out immediately as I don't want any liability with regards to their identity security. The lender and title company need their SS#, not me. I let them handle that and don't get put in the middle.
Lani, this is such an important issue. If people just stopped to think before giving out their SS#, maybe there wouldn't be so many problems with identity theft. I recently had to fill out a camp registration form for my son and they asked for his SS#. Why? They don't need it so I didn't fill it in.
BTW – AG rocks 😉
Lani Rosales
May 23, 2011 at 12:54 pm
Tina, I agree, but people do it anyhow!
Thanks for the compliments, YOU rock! 🙂
Jason Chandler
May 20, 2011 at 10:00 pm
There is a fix for this I found over at https://www.onlinemediadesigns.com/blog/item/174-encrypt-your-real-estate-dropbox-files-using-secretsync.html