Identity Theft: Best Practice for Landlords and Property Managers

April 1, 2010

Many landlords and property managers have access to precisely the kind of information identity thieves need to perpetrate their crimes, i.e., social security numbers, bank account numbers, birthdates, license numbers, and credit card numbers.  If this confidential material were to be obtained by an unscrupulous person, whether through the efforts of an aggrieved former property manager or through lax security, there may be liability and damages imposed.  This article shall review the identity theft problem in the real estate management field and suggest best practice techniques in an effort to avoid the problem and the commensurate damages that could follow.  The recent passage of the Data Security Regulations that are now effective mandates preventive steps to safeguard protection of personal data.

State and Federal authorities view identity theft as a serious crime, and any misuse of personal information could result in a substantial fine or possible jail time.  The State and Federal statutes that currently exist have been tightened recently and are the subject of strong efforts by law enforcement officials and legislators to make these statutes broader, and impose tougher monetary and criminal penalties for violations.

A recent case cited by the Needham Police Chief Tom Leary involved a scenario in which a landlord, upset with unpaid rents from a departing tenant, sold the tenant’s information to an identity thief to recoup her losses.  Stiff penalties were     imposed in that case.

Another pitfall for landlords and property managers lies in the manner by which they store confidential tenant information.  In a recent and much publicized case, BJ’s Wholesale Warehouse, based out of Natick, MA, recently came under fire for the manner in which they kept customer information.  BJ’s was forced to settled a suit filed by the FTC; “the commission said BJ’s had settled charges that it did not provide reasonable security for sensitive customer data like credit card numbers and would take further steps to protect the information.”  BJ’s is also facing close to $13 million worth of private claims.  This opens the possibility that holders of confidential information could be liable for security breaches should that information fall into the wrong hands.  To date, no reported case in Massachusetts involves a data security breach in a landlord’s or property manager’s office.  However, the increased public awareness of identity theft, and the ever increasing sophistication of identity thieves’ methods, increases the likelihood that liability to the real estate owners and managers, on the basis of the common law duty to preserve the confidentiality of tenant records, may soon follow.

BEST PRACTICES OR TIPS

Some valuable steps to protect your tenants’ information,

1.         Safeguard Personal Information

Never give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact or are sure you know with whom you are dealing.

2.         Communications with Tenants

Deposit your outgoing mail in Post Office collection boxes, and be vigilant about how you transmit bills or statements to your tenants if they contain confidential information.  Do not transmit confidential information                   electronically without valid and secure passwords.

3.         Disposal of Confidential Information

Thwart ID thieves who may go through your garbage by tearing or shredding charge receipts, copies of credit/renter applications,  insurance forms, checks and bank statements.

4.         Protect Tenant Social Security #s

Do not place the tenant social securing # on tenant ledgers that may find  its way into court on an eviction case, and do not disclose them to another  person.

5.         Computer Safeguards

Avoid storing confidential tenant information or information on a laptop without a valid and secure password, since they are easy targets for ID thieves.  Always install virus protection software on your computer and                                have adequate firewalls, especially if you have high-speed internet access that is left on 24 hours a day.  In addition, use “secure browsers,” that is, software that encrypts or scrambles the information you send over the                              internet.

VIGILANCE

The most effective manner by which to protect your tenants’ confidential information from identity theft is to remain vigilant.  Prompt reporting of an identity theft to local police and the FTC should allow state and federal authorities to better track and hopefully, apprehend the guilty parties.

Designing and implementing a new policy to protect and secure confidential tenant information is critical to minimize the exposure of landlords and property managers to legal liability.  Because identity theft has reached epidemic proportions in this country, the time to implement secure systems to protect tenant information is now!

Howard S. Goldman is the founding partner of Goldman & Pease, a law firm specializing in real estate, litigation, and small business issues, including the representation of landlords, property managers, condominium associations and other real estate professionals.  He is also a member of the Real Estate Committee of the Massachusetts Bar Association and the Institute of Real Estate Managers.