Copyright© 2018 – Ohio REALTORS® 

September  18, 2018  

CE CLASS SESSION

8:00 a.m. – 11:00 a.m. (3 Credit Hours Core Law)

Data Privacy, Security & Minimizing Risk in RE

Transactions

INSTRUCTOR: Alec Hagerty, ABRM, BPOR, CRB, e-PRO, MRP, MRP,

PSA, SFR, SRS

Alec Hagerty, ABRM, BPOR, S-CREC, CRB, e-PRO, GHS, MRP, MCNE, MRP, PSA, SFR, SHS, SRS,

Knowledge Sponge Seminars LLC

Presents:

Data Privacy, Security & “Minimizing Risk” in R/E Transactions!

Fiduciary Duties:

O

L

D

C

A

R

Define:

……. Loyalty!

……. Confidentiality!

Article 2 of Ohio Canons:

“It is the duty of the Broker to protect the public against fraud, misrepresentation or unethical practices in the real estate transaction. The Licensee should endeavor to eliminate in the community, any practices which could be damaging to the public or to the integrity of the real estate profession.”

Data Security requires:

– “Reasonable Safeguards” to protect:

• Security

• Confidentiality

• Integrity of the data

• Proper disposal of the data

Wire Fraud Email Notice Example:

Important Notice:

– Never trust wiring instructions sent via email! Cyber criminals are hacking email accounts and sending emails with fake wiring instructions. These emails are convincing and sophisticated. ALWAYS independently confirm wiring instructions in person or via a telephone call to a trusted and verified phone number. NEVER wire money without double-checking that the wiring instructions are correct!”

Ohio has “Security Breach Laws” ….

Found in ORC. 1347.12, 1349.19, 1349.191, 1349.192,

FTC Principles used in the NAR Toolkit:

Take Stock

Scale Down

Lock it

Pitch it

Plan ahead

Take Stock:

Who sends personal information to your business?

How does your business receive personal information?

Where does your business keep the information you collect at each entry point?

Who has-or could have-access to the information?

What kind of information does your business collect at each entry point?

Scale Down:

“If your association or brokerage does not have a legitimate business need for the personally identifying information – then don’t collect it. If there is a legitimate business need for the information, then keep it only as long as it’s necessary. Once that business need is over, then properly dispose of it.”

Only print the truncated credit or debit card number on consumer receipts and do not include the card’s expiration date.

Don’t retain the credit card account number or expiration date unless you have an essential business need to do so.

Check the default settings on your software that reads C/Card #’s … be sure it is not set to keep info permanently and keeping info you don’t need!

Lock It:

Physical Security

Electronic Security

Employee training

Security practices of Contractors and Service providers.

– More info at: www.FTC.gov/InfoSecurity

Pitch It:

Identify sources of Information

Identify and document current retention policies

Evaluate existing policies

Create a policy

Legal review of document retention policy

Distribute the policy to employees and Independent Contractors and be sure the policy is being followed!

Plan to periodically review the policy to make sure it is still relevant.

Plan Ahead!

How will you notify individuals in the event of a breach?

Note: If you collect information from people from other states, you may be liable under the laws of “those states” !!!

Penalties for failure to notify could include:

- Fines, actual damages etc.

Data Breach Notification:

Description of “what happened”

Type of protected data involved

Actions to protect data from further unauthorized access

What the company will do to assist affected persons

What affected persons can do to help themselves

Contact information for company inquiry response system

Contact information for local and federal government authorities.

Note: See model California model breach notification

Phishing Scams:

Spear phishing:

NOTE: … TRUST NOTHING !!! VERIFY EVERYTHING!

Hints: When an email requests you to “do” something…

Where did the email come from?

Hesitate and verify before clicking on links!

CHECK FOR:

Letter “O” replaced by numeral “0”

Letter “I” is replaced by number “1”

Grammatical errors, typos,

Note: Government and Law Enforcement Agency’s do NOT request personal information or passwords via email!

Hints:

Require frequent PASSWORD changes!

Every 3 to 6 months

Strong passwords! Include symbols…

– Example: My#Realtor%Code^4You!

Multi-factor authentication

– Coming to “mainstream” soon …

• Biometric Identification:

– Example: Fingerprints or Facial Recognition

Hints:

Don’t access internet over Public Networks!

Neither Business nor Personal…

Public Networks are vulnerable to Hackers!

Hackers Exploit laptops, tablets and smartphones!

Set up a VPN.. “Virtual Private Network” or, enable two-factor authentication

(VPN service approx. $5.00/mo)

“Ransomeware” among the fastest growing Cyber Crimes!

Back up your important information. Preferably to two sources.

Example: Cloud and to separate hard-drive.

IC3 Website and FBI.gov websites to report or get information!

… www.fbi.gov/scams-safety/

Additional Notes:

THANKS for Attending!

Copyright© All Rights Reserved. Knowledge Sponge Seminars LLC

PROTE,CTING YOIJR BUSIi{tr,SS AI.{DYOIJR CLIE,}{TS FROM CYBtr,RFRAIJI)

LEGAL AFFAIRS DEPARTME,NTl1Nr

Best Transaction Practices: Real estate uansactions &quire flurries ofinformation betrveen numerous Barties. This makes for odmetime opBortunities forftaudsterq. Hory do-you s-ecurq your deal?

y' From the very start of arry ttunsaction, conmunicate and educate. Getall parties to the ttansaction up to speed on fraud "ted flags," andmake sure everyone implements secure email ptactices.

y' When wiring money, the person doing the wiring should pick up thetelephone and call the intended recipient of tlle wired fundsimmediately pdor to sending the funds in order to veri$r the wiringinstructions.

/ Remember to use only independendy verified contact information.

'/ Stay paranoid. A few years back the director of the FBI almost gottaken by an email banking scam. If it can happen to him, it can

happen to us.

Best Damage Control Practices: It's happened. A breach of data" a successfrrl

scam. a hack What to do?

{ rc a money wire has gooe out, immediately contact the bank to tryand stop the funds.

/ Noti& all affected or potentially affected parties. Maty states have

data breach notification larxts.

{ Change all of your passwords. If possible, change usernalnes as

welL

{ TaIk to your attomey.

{ Contact the police.

/ Report the breach to the FBI Intemet Crime Complaint Center:

http: / /www.ic3.gov/default aspx

r' Report to your REALTOR@ Associations.

430 North Michigan Auenve . Chkago, IL 6061 I-4087 . 800.874.65A0 ' wwu'REALTOR.ot'g

FFI NATIONAL

tH *r'^?fml"*'/Rt Atlon'

PROTE,CTII\G YOIJR BUSINE.SS AI.{DYOTJR CLIE,NTS FROM CYBE,RF'RAUI)

LEGAL AFFAIRS DEPARTMENT

By 2019, cybetcrime will cost businesses an estimated $2 trillion annually. Don't be apart of that statistic! Implement the following best practices to safeguard you, yourclients, and yout business from online criminals.

Best Business Practices: Develoo and enforce formal oolicies for ensurins data

securily.

{ Create, maintain and follow L comprehensive Data SecurityProgram.x

{ Create, maintain and follow a comprehensive Document RetentionPolicy.x

/ Avoid storing clients'personally identifiable information for longerthan absolutely oecessary. \[/hen you no longer need it, destroy it

Best Email Practices: Unsecue email accortnt$ are open doors to cyber

criminals. Follow these guidelines to help keep that door securely shut and lockedtisht.

- y' \Vhenever possible, avoid sending sensitive inforrnation via email.

/ rc you must send sensitive information via email, make sure to use

encrypted emaily' Never trust contact information in unverified emails.

t rc an email looks even slightly suspicious, do not click on any linksin iq and do not reply to it.

/ Cletn out your email account regularly. You can always storeimportant emails on your hard drive.

r' Do not use free vrifi to transact business.

r' Avoid using ftee email accounts for business.

/ Use strong passwords.

/ Change your password regulady.

* See NAR Data Security and Privacy Toolkit for guidance, http:l/www.reahotorg/law-and-ethics /narsdata-secudty-and-privacy-toolkit

FFI NATIONAL

4i0 No*h Miehigan Aocnac. chicaso, rL 606r r-4082. 800.s74.6ir. www.REAlroR.ors l# fiit^?Fml""'/

Frauds, Scammers, Identity Theft, & Fiduciary Concerns in R/E

- Information Sources

Confidentiality: : entrusted with confidences: containing information whose unauthorized disclosure could be prejudicial to the interest of … (Buyer or Seller) or? ______________ A fiduciary duty (from Latin fiduciarius, meaning "(holding) in trust"; from fides, meaning "faith", and fiducia, meaning "trust") is a legal or ethical relationship of confidence or trust between two or more parties. Typically, a fiduciary prudently takes care of money for another person.. In a fiduciary relationship, one person, in a position of vulnerability, justifiably vests confidence, good faith, reliance and trust in another whose aid, advice or protection is sought in some matter. In such a relation good conscience requires the fiduciary to act at all times for the sole benefit and interest of the one who trusts.

Information Sources:

www.Realtor.org (key in “Info Security”) “Data Security and Privacy Toolkit”

www.FTC.gov FTCcomplaintassistant.gov .FTC.gov/IDtheft

FTC.gov/phonefraud

Reputation.com / PrivacyChoice.org

H.R. 2221 - “Data Accountability and Trust Act”

Read: “Stealing Your Life” Frank Abagnale – Author

www.FBI.Gov - scams etc.

Google: Internet Crime Complaint Center “IC3”

Report Soc. Sec. Stolen to IRS.gov … Complete ID theft Affidavit form 14039

Official “FREE” credit report: only at… www.AnnualCreditReport.com

Report ID Theft: www.FTC.gov/idtheft or call: 877-ID-THEFT

www.FTC.gov/infosecurity

Do Not Call Registry: www.DoNotCall.gov or: 1-888-382-1222