SAN FRANCISCO – Coming to a state near you: privacy laws. Data breaches at major information houses this year have put consumer data protection high on everyone’s radar, and the real estate industry is watching closely.

“Ninety-eight percent of Americans are concerned about data protection,” said Darity Wesley today during a real estate IT security workshop as part of Real Estate Connect 2005. Wesley is an attorney who has focused on privacy issues and now works as chief privacy guru at Privacy Solutions, where she helps companies create and enforce policies to protect sensitive customer information.

Wesley noted the national attention that’s surrounded major data breaches around the country this year at ChoicePoint and other companies. “It’s going to be one of us in the not-too-distant future,” she said. “And when it happens you’re going to have to notify people.”

Real estate companies house all sorts of sensitive consumer data, from intricate financial information to what hours people selling their houses are away from home to allow for showings to prospective buyers.

Sixteen states have already passed some form of information protection law that requires companies to notify customers when their data has been lost or stolen, Wesley said. They are Arkansas, Connecticut, Delaware, Florida, Georgia, Illinois, Indiana, Louisiana, Maine, Minnesota, Montana, Nevada, North Dakota, Tennessee, Texas and Washington.

New York, New Jersey and North Carolina have information protection laws awaiting their governors’ signatures. And an additional 14 states have introduced similar bills. They are Alaska, Arizona, Maryland, Massachusetts, Michigan, Missouri, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Virginia, West Virginia and Wisconsin.

Real estate companies should be looking into creating and implementing information protection policies within their organizations if they haven’t already, and Wesley said that a good starting point is to look at your state’s notification law. “Look at what your state has passed and start basing your policy on that,” she said.

According to Wesley, some basic elements of a company’s information protection policy should define: who in the company can have access to sensitive information; how sensitive information is to be stored and transmitted (i.e., is it encrypted, archived or unencoded?); which systems store sensitive information; what levels of sensitive information can be printed on physically insecure printers; and how sensitive information is to be removed from systems and storage devices.

Policies also should define what constitutes sensitive information and provide guidelines for gauging the “sensitivity” levels of that information, Wesley said.

“Failure to establish proper IT policies and procedures creates a void,” Wesley said. The company is left with no framework for handling sensitive data and potential breaches.

Some audience members asked for advice on good methods to convey to their clients the value of security measures. Wesley replied that education is key and said that she often uses examples of identity theft to get the message across because people can relate to that on a personal level.

Education should not be restricted to clients and business partners, though. Wesley stressed the importance of educating management from the top down.

Matt Cohen, chief technologist for Clareity Consulting, which sponsored the security workshop, also said that it’s important for high-level management to be educated on security issues because they are the ones who will have to push for it from their technology vendors. Cohen said he talks with software vendors all the time that provide systems for real estate companies and they say they aren’t working on data protection features because no one is asking for it.

The bottom line, Wesley concluded, is that when real estate companies understand and implement IT policies and procedures, it provides a shield from possible public relations disasters and from potential liability, “both of which are critical to a continuation of your business and trust from consumers.”


Send tips or a Letter to the Editor to or call (510) 658-9252, ext. 133.

Show Comments Hide Comments


Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Thank you for subscribing to Morning Headlines.
Back to top
Only 3 days left to register for Inman Connect Las Vegas before prices go up! Don't miss the premier event for real estate pros.Register Now ×
Limited Time Offer: Get 1 year of Inman Select for $199SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription