Skip navigation
business colleagues collaborating-Getty Images-72867922.jpg Getty Images

Property Managers Have a Responsibility to Protect Their Tenants’ Data

With greater access to building occupants’ data, property managers need to be proactive about protecting tenants’ privacy.

Property management is very much a people business in which personal connections are vital to the interests of both tenant engagement and retention. Those personal connections have become a lot more meaningful in recent years due to the growing availability of big data.

Property managers have at their fingertips unprecedented volumes of information that can guide their interactions with their building occupants; information on their behaviors, their comings and goings, and even their likes and dislikes.

James Scott, lead researcher at MIT’s Real Estate Innovation Lab and IREM’s innovator-in-residence, explains that this information is exploding still more as our building systems, from lighting and HVAC to door access, get fitted out with Internet of Things (IoT) sensors, rendering each formerly analog device “a vehicle that can transmit information to the outside world.”

Clearly, big data delivered to our devices provides a powerful tool of tenant engagement. But, according to Scott, “Property managers need to understand the security features of each component. You need to perform due diligence on each device, and understand how each one stores the information it gathers.”

Indeed. At risk here are issues far more critical than an occupant’s lighting preferences, with data such as names, addresses, social security numbers, bank-account and routing information, and credit-card access all there for the taking.

Scott provides a sobering statistic on this need from the commercial side of the equation: “When it comes to cyber security, many offices believe they are too small to be considered a target, but in reality, over 70 percent of cyberattacks take place in offices of less than 100 employees.”

As Forrester Consulting stated in a recent report, “Highly publicized breaches dominate headlines, and cybercriminals’ sophistication continues to grow. Forging a clear way forward is challenging.”

The good news here is that there is progress being made on the legislative front in terms of data privacy. It‘s about time, given the traditional dearth of U.S. regulations overseeing data use. In fact, as Scott explains, the U.S. lags behind such initiatives as Europe’s General Data Protection Regulations (GDPR), implemented in 2018. He is confident, however, about the ability of the U.S., in both the private and public sectors, to catch up.

The implementation of the California Consumer Privacy Act (also enacted in 2018) set the tone, says Scott, and since April of last year, no fewer than 17 states have enacted some form of legislation focused on privacy. What’s more, at the national level, Senator Kirsten Gillibrand (D-NY) earlier this month floated a bill that would create a national Data Protection Agency.

Whatever Congress ultimately does, says Scott, “One way or the other, legislators need to focus on people’s rights, the risks of doing harm, and on accountability.”

But it takes more than legislation, and responsibility starts in the private sector, with due diligence. In turn, part of due diligence is transparency. An article in TechRepublic notes that “When it comes to privacy, big data analysts have a responsibility to users to be transparent about data collection and usage.”

The article goes on to say that, “A prominent aspect of your responsibility is to be honest with your subjects [your building occupants]. At a minimum, it's your responsibility to let people know what you know about them, and what you're capable of doing with your analytics. For instance, if location analytics allow you to know where they are and where they're likely to go next, then let users know you have this technology.” And, in partnership with your vendors, certainly let them know what safeguards are in place to prevent hacking.

But whatever regulations come about from legislators or providers, IREM’s focus will not waiver, and we will continue to view privacy in the age of big data as an extension of our overall commitment to the highest standards of professional, ethical performance.

“Property managers are at the forefront of this initiative,” says Scott. “We need to remember that we are the caretakers of people’s data.”

I couldn’t agree more.

In addition to her role as 2020 president of the Institute of Real Estate Management, Cheryl Gray serves as the head of special projects and operational excellence at QuadReal Property Group in Toronto. She’s IREM’s first international president.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.