Concerns over data privacy have closely followed the explosive growth of the internet for both personal and industrial use over the past few years. It wasn't until the late 1990s that governments and businesses began to explore what privacy would mean for internet users in the nascent digital age.
Ultimately, privacy, at least digitally, has come to mean an individual's ability to control the terms under which their personal information is acquired, disclosed, and used. This type of information is commonly known as "Personally Identifiable Information" or PII. It may include information such as names, demographic data, addresses, and contact information as well as social security, driver's license, bank account, and credit card numbers.
Unfortunately, following the unrelenting growth of the use of PII, there has been a plague of data and privacy breaches that put the personal information of many consumers at risk. Many industries have enacted controls to safeguard this type of information, and the digital and business worlds are no exception.
The state of California has been something of a leader concerning privacy laws, with the state legislature voting to pass the California Consumer Privacy Act (CCPA) in 2018. The act will take effect on January 1st, 2020. If you run a property management business in California, you should be paying attention. Even if you located your property management business elsewhere, this is still a noteworthy event for several reasons.
What is the CCPA?
The California state legislature signed the CCPA into law on June 28th, 2018. The law goes into effect on January 1st, 2020. The government intended the law to do several things, and will allow a resident of California to know:
- What personal data of theirs is collected
- When their data is sold or disclosed (and to whom).
Additionally, the CCPA allows a California resident to:
- Refuse the sale of their data
Access their data
- Request a business to delete any personal data collected about them
- Avoid discrimination for exercising their privacy rights.
Additionally, a California resident may sue a business for failing to follow privacy guidelines—even if there is no breach of personal data.
So, Who Should Care?
The CCPA applies to any business or for-profit entity that collects the personal data of consumers and which does business in California, as long as that entity meets one of three criteria. That business must also:
- Have annual gross revenues above $25,000,000
- Possess the personal information of 50,000 or more individuals
- Earn more than half of its annual revenue from the sale of personal information.
Your property management business may or may not meet these criteria.
No doubt, you have a ways to go before you can crack that revenue or customer ceiling. However, this law is still a big deal, because California may be the first state to draw up such a sweeping ruling—but they won't be the last.
Even if you aren't doing business in California, you can expect similar legislation to start to appear elsewhere in the United States. Besides, customers will probably expect the same treatment from any business that handles their personal data. It won't matter to one of your clients that you don't make more than $25 million in a year if their data is breached, and your property management business was the source. PII is PII, and you're on the hook for safeguarding it as effectively as you can.
What Data Does the CCPA Cover?
The CCPA covers a broad array of data under its umbrella. The law protects information that "identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly," to a particular consumer or household. This includes commonly protected information such as:
- Real names
- Postal addresses
- Unique Personal Identifiers
- Online Identifiers
- Internet Protocol Addresses
- Email addresses
- Account names
- Social Security Numbers
- Driver's License Numbers
- Passport numbers
The law also protects information that "identifies, relates to, describes, or is capable of being associated with, a particular individual," such as:
- Physical characteristics or description
- Telephone number
- Insurance policy number
- Employment history
- Bank Account Number
- Credit or Debit Card number, or any other financial information
- Medical and Health Insurance Information
Your property management business may not possess all of this data—but you will no doubt have some. It's worth noting that the CCPA originally covered employee data as well as consumer data. An amendment proposed recently would exempt this data for the time being, as well as that of job applicants, owners, directors, officers, medical staff, and contractors. Be aware that this exemption would expire on January 1st, 2021.
This law represents a significant change in the digital landscape. Whether you are legally liable to protect this sort of information is relatively irrelevant at this point. Consumer demand—and the legal infrastructure to back it up—is leaning towards protecting private information as robustly as possible. You can only serve your property management business by adhering to these rules.
Your property management business will benefit from getting this right and complying with the CCPA and similar privacy laws. You'll earn the loyalty of your clients and stay out of legal trouble by doing so. This law is an example of the ever-changing nature of the legal and regulatory landscape.
At RentBridge, we use SSL encryption for all of our clients to help ensure that the data collected through our marketing and automation is kept secure. If you're interested in how you can modernize your property management company's security measures, reach out to the experts! When you take advantage of our property management automation packages, you're getting top-notch encryption rolled right in.