NMHC and NAA Viewpoint Congress should enact legislation that creates a national cybersecurity, data privacy and breach notification standard that preempts state law and is reasonable, flexible and scalable.
In the course of doing business, rental housing owners and operators, and their third-party service providers, collect, use and maintain a significant amount of highly sensitive personal data about applicants, residents and employees. This information is used in a wide variety of essential business operations but also makes apartment firms a target of malicious actors. Given the ever-expanding cyber-threat landscape, rental housing owners and operators have made defense against these vulnerabilities a top priority.
We are pleased that congressional leaders have placed data security and consumer privacy high on their agenda, and that lawmakers are calling for stronger requirements. As policymakers consider solutions to bolster consumer and data protection, NMHC and NAA believe that any federal legislation should provide for:
- A clear federal preemption of the existing patchwork of often conflicting and contradictory state data security, privacy and breach notification laws.
- A reasonable, flexible and scalable national standard for data protection. Specifically, when establishing compliance obligations, this standard must consider the needs and available resources of small businesses as well as large firms and the sensitivity of the data in question.
- A clear assignment of financial and legal liability to the entity that actually suffered the breach, particularly in the case of third-party breaches.
- A requirement that third-party service providers must notify their customers of any breach and allow them to notify the consumer of the breach if they so choose.
NMHC and NAA stand ready to work with Congress to create a federal data and privacy standard that recognizes the unique nature and needs of the rental housing industry while ensuring the data that our members collect, use and maintain is secure.
Apartment firms increasingly operate across multiple states and must comply with a patchwork of 50 different state laws governing data security, breach notification and in some cases privacy standards. The current regulatory framework drives up costs, which ultimately affect housing affordability.
