What brokers need to consider about data security

As expert partners to their customers, real estate professionals must be thoughtful about our consumers’ online data

Discover the opportunities in a changing market at Inman Connect New York, Jan. 29 – Feb. 1. Jumpstart 2019 with tactical takeaways, unlimited networking and thought-provoking speakers. Learn more.

Thinking about bringing your team? You may qualify for special group perks! Contact us to learn more.

2018 was a defining year in the debate over how our online data should be owned and used. This year, for better or for worse, will likely be no different.

Real estate agents have a special relationship with their customers. They guide client decision-making, curate their information and have the obligation to ensure the ease and quality of their transaction.

Online data should be treated no differently. As expert partners to their customers, real estate professionals must be thoughtful experts about our consumers’ online data. What real estate websites are they using? Is their data being used in a way that benefits them? How will data be used to ensure a high-quality transaction?

Thinking about the use of online data is inherently tricky, since the value of putting your information online is driven by the same mechanism that makes it dangerous: accessibility.

The primary function of a social network is to allow your friends to seamlessly access your personal data, from your current location and job status to your personal interests and relationships. Unfortunately, that kind of aggregated and easily categorized information is ripe for both third parties and the service providers themselves to use for unsavory purposes.

In a few weeks, I’ll be part of a panel at the upcoming Inman Connect New York 2019 conference (Jan. 28-Feb. 1) to speak about data issues. As a preview, here are a few thoughts on how to classify and structure the data-related issues that face us. As with any other topic, data-related issues cannot be properly considered without understanding the nuances of the different types of potential problems.

While not exhaustive, there are two top-level categories of problems:

  1. Unintentional data breaches, where data entrusted to a company or a service is exposed, stolen or otherwise interfered with against the wishes of the company.
  2. Intentional data misuse, where the company or services use data in inappropriate ways.

Data Misuse Categories

Both categories are difficult to deal with. The first category is often about technology itself, risk management and liability. A company can have the best technology, the best policies and the best legal team, and still run into trouble when dealing with the most difficult of cases. As consumers, most of us have already been part of multiple data breaches, and some of us may even have had material harm done to us.

This category is always bad. It’s often criminals, unauthorized foreign entities and pranksters who benefit from these breaches.

Unfortunately, this is a rat race. As security gets better, hackers will adapt. The more valuable and hardened a target, the more creative and resource-rich the incursions become. More often than not, there’s much work to be done by the good guys to prevent these threats, but ultimately, I fear that this is a rat race where there may never be a clear end-game.

The second category, where companies are intentionally using data inappropriately, is a completely different ballgame.

To take a step back, companies use consumer data in many different ways, and one useful way to examine this is on a spectrum of consumer value.

On the one end are uses of data that add absolutely no value to the consumer. Selling consumer data to spam companies would fall onto this side of the spectrum, where there is virtually no benefit to the consumer, and it is, in fact, quite harmful.

On the other end are value-add uses such as recommendation engines that may use anonymized purchase data to better recommend products — no harm, mostly value.

The problem is, many data uses fall in the middle.

Where does targeted advertising fit? Yes, it may surface an ad that may benefit me as a consumer, but my browsing experience is now cluttered, let alone the “creepiness” factor. How about facial recognition? It’s great my photos are tagged automatically, but how else could this ability be used? And talk about creepy.

The two categories of “unintentional breaches” and “intentional misuse,” and the spectrum of data usage with or without consumer value, gives us a handy map to talk thoughtfully about the solutions and trade-offs that are available in our arsenal.

Remember, a company with the world’s most sophisticated data security could be using your data in inappropriate ways, while the most well-intentioned business could be leaking your data without anyone knowing.

A fantastically valuable service may be worth sharing your information with, while others may be offering a classic bait and switch. You need to be able to speak about these problems with sophistication, since a complicated problem requires a precise tool.

Join me, Leo Pareja (Remine), Eva J. Pulliam (Arent Fox) and our moderator Rebecca Jensen (MRED) at Inman Connect New York 2019 on Thursday, Jan. 31 at 4:20 p.m. as we dive deeper into the conversation about data security. Get tickets here.

Andrew Flachner is Co-Founder and President of RealScout, a San Francisco-based technology startup powering collaborative home search for many of the country’s largest brokerages. Read Andrew Flachner’s open letter to brokerage executives here.