Jill Chodorov, a real estate agent with Long & Foster, writes an occasional column about local market trends and housing issues.
Homebuyers beware. If you are nervous about having your financial information hacked when purchasing linens for your new home at Target, have you considered how easily your private data can be lifted from your Mortgage Company or real estate broker during the home-buying process?
If you haven’t thought about it, maybe it is high time that you did.
In a recent study conducted by HALOCK Security Labs, a cyber-security consulting firm based in Schaumburg, Ill., it was discovered that seven out of 10 mortgage companies allow information-sharing practices that put your personal and financial data at grave risk.
According to Terry Kurzynksi, founder and senior partner of HALOCK, “the entire [real estate industry] ecosystem is bad.” Kurzynski used Experian’s (one of the three major credit bureaus) recent involvement in an identity theft scheme affecting 500,000 Americans as an example.
Don Frommeyer, president of the National Association of Mortgage Brokers, disputes the findings of the survey. He said people in his industry are careful with buyers’ personal information and he doubts there’s a a problem in his industry. Still, he said, consumers should feel free to inquire about lenders’ policies on handling private data.
“It is a good idea to ask your lender how they will handle your personal information and what do they do with it once they have completed your loan,” Frommeyer said. “Everything in our industry has been on lock down in the last four to five years. I find it hard to believe that only 30 percent of mortgage lenders are taking security precautions.”
Kurzynski said he believes mortgage companies aren’t the worst offenders when it comes to being careless with consumers’ personal data. “If you think that is bad, I can guarantee it is far worse with your real estate broker,” he said.
One local real estate agent, who requested anonymity because she’s not authorized to speak on such issues about her broker, said people in her industry need to do more to protect consumers’ confidential information.
“I see clients’ personal financial information and contracts haphazardly lying around the office all the time,” the agent said. “My broker does not have any formal policies or training in place, at least none that I know of.”
Melanie Wyne, senior technology policy representative in the Government Affairs Division of the National Association of Realtors (NAR), said it adopted a set of best practices for the industry in 2009.
“I wouldn’t say there was a particular incident,” Wyne said regarding the reason for establishing these best practices. “As of today, 46 out of 50 states have data breach notification laws. Given these state level laws and the fact that a federal law is expected soon, we wanted our members to get ahead before the federal law is put in place. We want our members to be prepared.”
In 2011, NAR published the Data Security and Privacy Toolkit for its members to use as a guideline for best practices regarding information security.
“The first question we need to ask ourselves is do we even need to collect the information that we are collecting,” Wyne said. “A common practice among some agents is to collect driver’s license information. But if you hold on to that information, it becomes a liability.”
“Brokers and their agents also need to understand how to properly dispose of information. You don’t just put loan documents in a trash can,” Wyne said.
Starting in May, NAR will offer its members an online training course on best practices, which will be good for continuing education credits.
Michael Moran, chief executive of the Greater Capital Association of Realtors, said that it has never received complaints from consumers about the security of their personal data. Asked if any policies or protocol have been put in place for its members, Moran said, “We have discussed it, but nothing has been done yet.”
“I would hope that agents are doing their best to protect their personal computers,” Moran added. “I would assume brokers are sensitive to this, as most of this [data sharing] occurs on their servers.”
Some local brokers are taking this issue very seriously. Jason Sherman, co-chief executive of Real Living At Home, a small brokerage firm based in Chevy Chase, D.C., says he goes “above and beyond” to ensure his clients’ personal information is protected.