Duty of Realtors to keep sensitive data safe.

data securityThis Realtor Mag article reviews what all those who are involved in a real estate transaction need to know concerning keeping sensitive data obtained during the transaction safe.

Brokers, coordinators, assistants, and agents all have responsibilities to keep data secure. Are you doing everything you could be to protect your clients? We combed through the National Association of REALTORS®’Data Privacy & Security Toolkit to bring you these tips.


  • Make sure you have up-to-date policies on how to handle the storage, retention, and destruction of documents, databases, and e-mails. Ensure that everyone involved in your business receives regular training on the policies. Ask your lawyer to look over your policies to make sure you’re in line with any and all privacy and data laws that have jurisdiction over your operations. Make sure employees and independent contractors understand that abiding by your company’s data security program is an essential part of their duties.
  • Provide employees and agents with data security training before granting them access to personal data.
  • Strictly limit access to data. Know which employees/agents have access to personal information, and make sure anyone with access has a “legitimate business need” for the data. Have a procedure in place for ensuring that workers who leave your brokerage no longer have access to personal information.
  • Make sure you know all the computers or servers where personally identifiable information is stored, and who has access to those computers and servers. Also, identify all connections to those computers/servers (via mobile devices, branch offices, etc.) and assess the vulnerability of each connection.
  • If your agents or employees can use mobile devices to connect to your network or to transmit personal information, make sure they have password protections on their devices.
  • Regularly run up-to-date anti-virus and anti-spyware programs on your computers and servers. Also, engage an outside company to conduct a regular security audit of your system.
  • Prohibit sharing or posting passwords.
  • Configure company computers so individual users can’t download software or change security settings without approval from IT.
  • Encrypt sensitive files, especially if you allow remote access to your network by employees, agents, or service providers.
  • Before you outsource any of your business functions, investigate the company’s data security practices, compare their standards to yours, and ensure they adhere to all applicable federal and state laws regarding data security. Find out how often they perform security audits and insist that they notify you of any issues or vulnerabilities in a timely manner. Learn more about negotiating a contract with data storage companies.

Agents and Staff

  • At the end of the work day, put all files away, log off all computers and mobile devices, and lock all file cabinets/office doors.
  • Don’t store personally identifiable information on any computer unless it’s essential for conducting your business. If personal information does not need to be accessible on your mobile device or laptop, remove it permanently.
  • Regularly run up-to-date anti-virus and anti-spyware programs on your computers and mobile devices.
  • Use a firewall — software or hardware designed to block hackers — to protect your computer online.
  • Use strong passwords. The longer, the better. Mix in letters, numbers, and characters.
  • Use password-activated screen savers to lock mobile devices and computers after a period of inactivity.
  • Never reveal passwords to others, even if they identify themselves as IT professionals inside your organization. No one should be asking you to reveal your passwords, and if they do, it could be a sign of “social engineering,” a way in which hackers gain access by conning people into revealing secure information.
  • When you use a product for the first time, always change vendor-supplied default passwords immediately to a more secure, stronger password.
  • Encrypt sensitive information that you send to third parties over public networks. When you receive or transmit sensitive financial data online, use Transport Layer Security or its predecessor, Secure Sockets Layer, to protect the information.
  • If you use a laptop or personal computer to store personal information, encrypt the data locally. There are many free or low-cost encryption services you can use, depending on your device type.
  • Notify your broker immediately if you are aware of any potential security breach, such as a lost or stolen laptop or a possible virus.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s