The commercial real estate industry is increasingly adopting proptech to unearth savings and business insights. But companies need to be careful. Security and privacy are two foundational components of a successful data analytics initiative. Ensuring the information is stored securely while adhering to the complex framework of privacy laws will be instrumental to a real estate organization’s success with data. Why? If the information is not kept safe or is used contrary to law or the commitments a business has made to consumers, companies will face fines, regulatory investigations and customer ire.
The Who, How and Where of Security
Companies need to understand who is collecting and storing their data, especially when that data contains personal information or sensitive business information. As recent high-profile data breaches and ransomware attacks in the real estate industry have shown, the proliferation of data processing and storage is extensive. If a company does not know where its data is located, then it cannot properly assess and mitigate the risk of third parties gaining unauthorized access to that data.
Knowing who is processing and storing data is only the first step. Companies should also assess the risk of how that data is being protected and where it is located. Before contracting with a third-party technology provider, a company should ask (and the provider should be able to deliver a clear answer) about the provider’s data storage solution. Is the data stored in an onshore or offshore data center? Is it stored in the cloud, and if so, can the provider commit to the data being isolated in particular cloud geographies? Is the data being encrypted while in transit and at rest? What other safeguards are in place to secure the data? Without having a firm understanding of these issues, companies risks significant financial and regulatory fallout.
The What, Why and How of Privacy
A real estate company should be thoughtful about the information it is collecting. In the age of big data and sophisticated data analytics, many companies espouse the philosophy of “collect everything and figure out what to do with it later.” But too much data collection can be operationally overwhelming and even lead to immoral biases when used carelessly.
What will be collected, why is it being collected, and how will the data be used must underpin every conversation about analytics. Collecting data responsibly and using that data for appropriate reasons creates operational efficiencies and builds trust with consumers and partners. Companies should maintain a clear, accessible privacy policy that is up to date. In addition to building that trust and creating a more effective data analytics operation, robust privacy policies and procedures protect against regulatory risk. The state-by-state patchwork of regulations across the United States is complex, and Congress may be looking to enact a federal privacy framework as well. International privacy laws are robust and evolving, too. It is vital that a real estate company develop a complete understanding of the totality of laws that apply to its use of data. Inadvertent missteps here can result in crippling financial penalties.
After all, the last thing one wants is for all the initial insights and benefits derived from an investment in proptech to be rendered an eventual loss by penalties and loss of consumer trust.
RELATED ARTICLES
Evaluating Smart Home Technology: It’s About More Than the Bottom Line