January 17, 2007Taxation Committee Federal Issues CommitteeThe following is for study only and has NOT been approved by the Board of Directors.Issue: Should C.A.R, in conjunction with NAR pursue a small business exclusion in any federal data privacy legislation and oppose federal preemption of more consumer-protective state data privacy laws?
Action: Action is requested at this time to update current policy in order to address upcoming proposed legislation.
Options: 1. Support 2. Oppose 3. Neutral 4. Not Real Estate Related 5. Other
Status/Summary: The 109th Congress ended with multiple data security bills introduced, but no consensus on a final bill for passage.
The largest area of contention was whether the new laws should favor a pre-emption approach for all states (which favored businesses) or whether each state should be allowed to set their own rules as long as they did not go below the newly set federal standards (which would favor the consumer). The major debates rested on what entails a breech that must be reported (suspected breech, potential risk for data misuse, known breech only, etc...), how much power consumers may have over correcting credit errors, and payment of credit-monitoring services.
In the end the House passed numerous and varied versions of data security bills out of multiple committees; but none made it to the House floor for a vote. With the change in leadership there will be a move to find a consensus for a single data security bill. With the Democratic leadership, it is likely that this bill will be more consumer friendly then some of the data security bills seen in the 109th Congress. However, there may still be issues of turf battles between competing committees and resistance from the Republican minority.
Background: There have been numerous publicized events of breeches of data security that have caused more attention to be paid to this issue. Highly publicized breeches include: The Department of Veteran’s Affairs, CitiFinancial, Card Systems Solutions, and most recently the University of California, Los Angeles.
All of these events have increased the call for the government to help protect consumers from identity theft. This can have far reaching influence on both businesses and consumers as most companies store consumer data on either electronic or paper format. Whether it’s a national credit company, a mortgage company, a consumer data research company, a local insurance agency, or even a REATLOR® who stores their clients information on buyer/seller agreements, business often have a valid business reason, or legal obligation, to keep and store this information.
There is the need for protection of this electronic and paper data as incidents of identity theft have been increasing over the past years. However, there is also the need to not put too large of a strain on small businesses. REALTORS® are starting to keep more information on electronic format, but many still use only paper format for their business. Currently most bills only address electronic data, but there are chances that thebills can expand to also cover sensitive data kept on paper format.
While a large organization may be able to afford some of the expansive efforts being proposed, the same responsibilities on a small business could easily lead to an inability to continue operations. The large cases of electronic identity theft that have prompted the calls for action are occurring at sources where massive amounts of information are available in hundreds of thousands to millions of different identities that a place such as Card System Solutions would store.Impact on REALTORS®: REALTORS® keep records for their business that may contain information covered in the anticipated data security bills in both electronic and paper formats. It is important that any data security legislation recognize that fact that real estate brokerages are not able to put in the strict and expensive encryption or other security programs that a business such as Citigroup will be able to afford. While there is a need for protection of data, small businesses are not the targets of these data thefts and cannot afford the expensive security measures being asked. REALTORS® also need to make sure that this protection covers both data and paper documents as many REALTORS® keep their records in only paper format.
NAR Policy: In November 2006 NAR took policy on data security which stated“That NAR pursue a small business exclusion in any federal data privacy legislation and oppose federal preemption of more consumer-protective state data privacy laws.”C.A.R. Policy: C.A.R. has taken stances on state data security issues in the past, but never on a larger federal policy on data security. Past C.A.R. concerns have been making sure that REALTORS® are still able to access public records as part of their practice and services. C.A.R. has looked to make sure that personal identity is protected, while still allowing Real Estate Professionals the access to the public information needed to do their jobs. C.A.R. also has a long-standing policy against federal preemption.