In this age of Internet information sharing, protecting your clients' personal and property information is more than just a duty; it's a practice that ensures their trust and safeguards your reputation.

Yet there's uncertainty among brokers over what they need to do to ensure they're approaching information security appropriately—or even whether there's a legal requirement to take any action related to privacy.

With privacy issues evolving, what you're required to do depends on how you collect and use your customer information—and in some cases what state you live in. If you're in California and you operate a Web site, for example, you're required to post an information privacy policy on your site, period. What that policy contains is up to you; you're required only to disclose what information you collect and how you plan to use it.

Other states are following suit. Nebraska, like California, has a privacy law for commercial sites, and at least 10 states have Internet privacy study commissions or task forces in place, according to information on the National Conference of State Legislatures Web site (www.ncsl.org).

There are federal laws to consider, too. If you post an information collection policy and fail to follow it, you could be in violation of the Fair Trade Commission Act for misleading consumers. The Federal Trade Commission has enforcement powers over electronic media, e-commerce, and the Internet under several different acts, and has stepped up efforts to identify unfair and deceptive practices on the Internet, including practices related to how one collects information about consumers.

Additional laws come into play if you share your Web site with any financial affiliates, such as a mortgage broker, which may be regulated under other laws.

Given the evolving nature of privacy protection efforts, it makes sense to establish procedures to protect the information you gather. But don't think you can create a policy on the cheap by adopting the language you find on other brokers' sites. Under the law, privacy policies are considered implied contracts between a business and its customers. If the language you adopt doesn't describe how you're collecting and using data, you could be exposing yourself to liability.

That said, here are five items to include in a policy:

Notice and disclosure. If you collect data from visitors to your site, take stock of what data you gather, how it's collected, and with whom it's shared or sold. Then write a policy around these practices.
Choice and consent. Include an opt-in or an opt-out clause. With an opt-in approach, you can't share your clients' and customers' data unless they say you can; with an opt-out approach, you can share your customers' data unless they say you can't. Many consumers feel they have more control with the opt-in approach.
Access and participation. Give your customers the right to modify or delete data at any time.
Security. Outline your methods for protecting the integrity and security of your clients' and customers' data.
Redress. Offer a dispute-resolution option, such as mediation or arbitration, for people who believe their information was used in a way counter to your stated policy. Have an attorney look at your procedure to make sure it's enforceable under the law.

Integrating data security into your business isn't just the right thing to do; it's a practice that generates consumer trust and loyalty. What's more important to your business than that?

Wesley, a privacy and information security lawyer and consultant and real estate broker, is CEO of Privacy Solutions Inc. in San Diego and chairs a state privacy committee. You can reach her at darity@privacygurus.com.

06/21/2004 12:26

Reprinted from REALTOR® Magazine (http://www.realtor.org/realtormag) with permission of the NATIONAL ASSOCIATION OF REALTORS®. Copyright 2004. All rights reserved.

Darity Wesley is CEO and Legal Counsel for Privacy Solutions, Inc. a San Diego based consulting firm. Her team of Privacy Gurus® work with you to create policies and procedures to establish the expectation of privacy for your members, clients, customers, prospects, affiliates, associates, employees and vendors. You can reach her at (619)670-9462 or Darity@privacygurus.com