The following is a post written by Hans Skillrud, Cofounder Termageddon LLC. We have recently partneted with Termageddon to help Real Estate Tomato clients maintain compliance with ever-changing Privacy Laws.
If you work in real estate, you have probably experienced the satisfaction of helping clients navigate the various challenges of finding a new home or putting one up for sale. To be successful, it is critical to not only build relationships of trust and understanding with clients, but also assure your clients that you have the expertise to fulfill their needs. It is likely the case that you did not expect privacy compliance to be a major concern for your business. Nevertheless, this is a reality for not just those working in the real estate industry, but for businesses of all kinds.
When websites collect personally identifiable information (“PII”), privacy laws govern how that PII is used and disclosed to others. PII can be defined as any piece of information that directly identifies, or may reasonably identity, a specific person. PII may include the following:
In some cases (though rare) real estate agent websites might ask to collect credit report info, bank account information, and social security numbers in order to get pre-qualified to purchase a home.
Real estate agent websites may collect PII via the following:
The above laws require websites to contain Privacy Policies. These policies must make a variety of disclosures pertaining to what information is collected from the individual, how that information is used, and who has access to that information. Check out our article on laws requiring Privacy Policies for more guidance on what privacy laws may apply to your real estate agent website.
A new development that is creating significant compliance challenges for businesses is the expansion of consumer control over how PII is collected and transferred. For example, the California Consumer Privacy Act allows consumers to “opt-out” of certain disclosures and transfers of PII to third parties. Moreover, this particular law requires businesses to make specific disclosures pertaining to their information collection and sharing practices within their online Privacy Policies.
With privacy laws in the United States and abroad continuing to evolve, it is critical to determine what privacy laws apply to your website so you can effectively respond. As these laws continue to change, the risk of incurring heavy fines and lawsuits only increases.
Noncompliance with applicable privacy laws can potentially result in significant fines and penalties. These fines may range from $2,500 per violation to €20,000,000 or more in total under European law. This “per violation” calculation is significant. It means that, even if your website only receives a handful of visitors on a weekly basis, the total fines incurred from violating the law can still be significant depending how often you collect PII from individuals.