Keep Personally Identifiable Information Out of the Leasing Office
The protection and privacy of a prospect’s or resident’s personally identifiable information should always be front of mind for apartment owners and managers. In July at RealWorld, the annual RealPage user conference, a collection of industry professionals shared tips and best practices for maintaining data security and protecting resident privacy.
One popular discussion point was that keeping personally identifiable information out of the apartment leasing office is the first step toward properly securing the privacy of this important data. Another was keeping close reigns on third-party vendors, like collectors, that share personally identifiable information.
All agreed that property owners relish the day when a prospective resident fills out that application for residency, but punching in that applicant’s social security, credit card or any other personally identifiable information can turn smiles to frowns if the data is violated. Sensitivity to personally identifiable information has heightened in recent years because of increased information technology and the potential for obtaining information through Internet breaches and network security.
Any time names, social security numbers, driver’s license number, addresses – things typically required during the leasing process – are collected, certain rigorous privacy requirements are triggered. The property has an obligation to keep that information secure, panelists said. When data is breached, the attorney general is notified.
Apartment industry executives said that personally identifiable information affects the property, not just consumers, when employees handle that information. Special precautions should be taken.
The good news is that there are a few electronic tools that can help, but a couple of common practices are the first step.
Don’t Keep Paper Copies of Sensitive Information
A great first step towards protecting sensitive information is keeping it out of the leasing office in the first place, said one property representative. One technology solution is online document management, including online leasing systems, that discourage employees from collecting a social security number or driver’s license number for an application.
If information must be taken on paper, upload the data to the document management system so it’s encrypted. Shred the original information and dispose of it properly.
Also, it’s okay to ask an applicant to verify identity with a social security card or driver’s license, for example, but just don’t copy the information. If you must, again, shred as soon as possible.
Another way to avoid compromised personally identifiable information is to eliminate payment drop boxes, which have been prime targets for vandals in the apartment industry. Encourage residents to pay online so that paper checks don’t end up in a landfill and in the wrong hands.
Knowing Your Collectors
Many apartment properties post privacy policies that address how personally identifiable information is collected and used, as well as statements regarding sharing information with third parties like debt recovery specialists.
One property executive said that apartments should be thorough about how personally identifiable information is handled when working with other agencies, like bill collectors. Even though management may enlist a vendor to handle the information, the property can still be held accountable.
Said one executive, “As an owner or manager, don’t just look at how you protect the information, and don’t just think about how document management helps you, but take a look at your partners. Don’t forget what most of your collection agents that you pass a ton of personally identifiable information to every single month are doing with it.”
“The reality is you’re still going to be liable. If they have a breach it’s going to go back to you.”
Does your property have a handle on personally identifiable information?