The California Consumer Privacy Act (CCPA) has been one of the most anticipated regulations of the year and officially went into effect on January 1, 2020.
We’ve covered the California Consumer Privacy Act (CCPA) before in our ‘Heard of it?’ series. In this post we’ll dive deeper into how new data privacy regulations, such as CCPA, are influencing and impacting the real estate industry. For a more comprehensive summary on CCPA, make sure to check out our other blog post.
Let’s start with a quick refresher – CCPA gives California residents the right to the following:
Data privacy regulations like CCPA (and GDPR) have forced businesses across the world to re-evaluate how they capture, store, share, and sell data from their customers. It’s important to remember that these new regulations don’t just affect big data companies like Facebook or Amazon. The International Association of Privacy Professionals (IAPP) estimates that over 500,000 businesses in the United States (100,000 of them located in California) will need to comply with CCPA. As more data privacy regulations come into effect, these numbers continue compounding at an exponential rate.
CCPA IN REAL ESTATE
While these new data privacy regulations will inevitably change every businesses’ relationship with consumers, there is one industry that will be particularly interesting to watch through this transformation – real estate. (Ironically, CCPA was initially conceived by a real estate developer named Alastair Mactaggart after he learned from a Google engineer how much data Google was actually collecting from unsuspecting consumers.)
Why? Firstly, real estate is considered a B2B, B2C, and even C2C industry that has undergone a rapid digital transformation the past few decades. This new wave of data protection regulations will now restrict how brokerages and real estate companies are using, selling, and sharing troves of personal consumer data captured over the years.
It’s also no secret that the real estate industry has access to particularly sensitive personal and financial information. Obvious things you’d expect like names, phone numbers, addresses, social security numbers, bank accounts, tax IDs, and more. Other information captured can also include things like credit history, passport numbers, mortgage applications, insurance information, race/ethnicity, sexual orientation, or even precise geo-location information in real time. Now the industry as a whole is being challenged to clean up its existing data and increase transparency, while also updating or implementing new, compliant business practices.
In addition to the data management issue, the real estate industry does a significant amount of its business (often including shared customers and data) with vendors, contractors, credit card companies, banks, brokerages, and others. Hundreds of millions of vendor records, accounting records, corporate records, property records, legal documents, multiple listing service (MLS) documents, association documents and others will all need to be reviewed and revised to include data privacy and protection language.
While CCPA has only recently gone into effect, the consequences for companies that do not comply include large fines (up to $7,500 per record) in addition to legal repercussions. As the law went into effect in 2020, it remains to be seen what companies if any, will have CCPA violations. However if we’ve learned anything recent from GDPR violations, we should expect CCPA compliance to be taken very seriously.
In July of 2019, British Airways was fined €183 million after a data breach the compromised the personal data of 500,000 customers. In July that same year, Marriott also received a hefty fine of €99 million, after a cyber-attack exposed 339 million guests’ personal data. Months later in October, a German real estate company, Deutsche Wohnen was fined €14.5 million for violating GDPR for not having a way to delete obsolete personal data from the company’s archiving system.
Ohio-based law firm Bricker & Eckler has been helping clients prepare for CCPA for several months. In addition to its traditional real estate practice services, such as drafting transaction documents, due diligence, asset management, and loan services, Bricker & Eckler is equipped to help businesses achieve global data privacy compliance.
“CCPA is only one of many new data privacy regulations that are transforming the relationship between businesses, consumers, and their data” says Lauren Curto, Litigation Support Manager at Bricker & Eckler. “Data privacy compliance is something we strongly advise getting ahead of. We’re focused on helping our clients first understand what consumer data they have, evaluating and implementing new compliance policies, monitoring that compliance, as well as remedying any imposed sanctions.”
Although achieving CCPA compliance can seem like a daunting task, it’s something that many are taking seriously and moving quickly on. Managing regulatory response compliance is a new form of competitive advantage. Getting organized and finding the risks, obligations, and opportunities within existing documents is the first step. Heretik’s contract review application was built to scale large regulatory response projects, such as LIBOR, CCPA, GDPR, AB5 and others. With a modern interface, intelligent document analysis, robust reporting, and more, Heretik helps teams understand, prioritize, and act on their contract data. Click below to schedule a demo with our team!
Claire is a Marketing Coordinator at Heretik. She recently graduated from Miami University Ohio with a double major in Journalism and Mandarin Chinese. Prior to Heretik, Claire worked at Amdur Productions and for Miami University College of Arts and Science.