Protecting Tenant Data With PropTech Security Best Practices

The PropTech industry features numerous platforms and tools aimed at helping landlords, tenants, real estate agents, and others streamline essential tasks. However, these tools almost always have database functions, which could put tenant data at risk. It’s up to everyone who uses PropTech products to be aware of and follow specific best practices to reduce potential misuse.

Clarify Data Usage and Protection Rules

Many tenants feel uneasy about using PropTech platforms because agencies and other parties require them to use these tools to apply for or proceed with renting homes. They demand various pieces of personal information. Since more tenants are aware of — and have directly experienced — identity theft and attempted cyberattacks, many are hesitant to give up their data without a clear understanding of why a company needs it.

A study of Australians asked to use PropTech tools found two in five people received pressure from a landlord or agent to use third-party tools to apply for homes. At least 60% of that group felt uncomfortable with the personal information the application required, including proof of identity and income and references. 

Another concern raised in the study was that people did not receive clarification about whether the data provided would stay within the company requesting it or if it might get sold to third parties. People using these tools are also worried about hacks and data breaches.

The best way to alleviate these concerns is for a property company or landlord to be specific about the reasons for needing the data, how they will handle the information, whether third parties will have access to it, and what protection measures are in place to prevent misuse. It’s also advisable to mention how long a company will retain someone’s data, whether or not their application is successful.

All these specifics should be spelled out in a document all applicants or tenants must agree to before using a PropTech tool. Getting those details beforehand should help people feel more at ease. Additionally, if people must sign a document before proceeding, they cannot argue they were unaware of a company’s data-handling practices.

Follow Established Cybersecurity Frameworks

Many people who use PropTech tools may not think about their role in data protection and cybersecurity. In such cases, they often don’t know where to start in keeping tenants’ data safe. A good starting point is to rely on a well-known framework, such as the one offered by the National Institute of Standards and Technology (NIST).

This framework has five main aspects, which are voluntary. They center on being aware of how cyberattacks could happen, then taking the necessary preventive measures. Additionally, the NIST framework covers cyberattack recovery steps.

Creating best practices for tenant data protection causes insurers to look more favorably upon property companies trying to get cybersecurity premiums. These customers already need commercial property insurance. Consider how 20 U.S. natural disasters caused losses of more than $1 billion from January to September 2021.

However, it’s becoming more common for property agencies to get cybersecurity insurance, too. One February 2023 ransomware attack on the Indianapolis Housing Authority potentially affected more than 200,000 people by compromising their data. It’s easy to see how such widespread incidents could affect the bottom line and cause reputational damage. 

If an insurer believes a property company is not taking sufficient precautions to prevent data breaches and other cyberattacks, it may not offer premiums to that customer. Alternatively, securing affordable coverage could become more difficult for such a customer. However, proof of operating within a well-known cybersecurity framework could eliminate those barriers. 

Use Automation Features to Reduce Mistakes 

Most PropTech tools are cloud-based products. One of the main advantages is that authorized users can access the content from anywhere. However, with more people accessing content from wherever they are, there’s often an increased risk of things going wrong.

A 2023 study of cloud data breaches showed 55% of the incidents had mistakes as the main cause. Even the most careful people can make errors, particularly if overworked or stressed. However, many PropTech tools have automated features that significantly reduce the chances of mistakes. 

Cybersecurity professionals are increasingly likely to use automated tools, too. Many of these products help people catch threats they’d otherwise miss, using algorithms to detect characteristics outside the norm. 

Some people in the property industry suggest relying on automated tools to streamline data-collection practices and other necessary tasks. That approach can save time and effort. The above recommendation still applies — tenants must always be kept informed about what happens to their data. 

Relatedly, the people using automated PropTech features must not put too much trust in them. Instead, a good compromise is to use automation frequently but always depend on human oversight to verify that everything happened as it should. 

Update Data Protection Practices as Required

Anyone handling tenant data should implement best practices while remaining open to change as the situation dictates. For example, a new tool, privacy law, or type of data collected could change how tenants’ information is treated within an organization. Most PropTech platforms have built-in security features. They support — but don’t negate — the need for humans to create and update their best practices.

When such circumstances arise, everyone working with the data must agree on the best, most responsible ways to handle it. Then, tenants must get word of such changes, ensuring they have the most current information. That keeps everyone on the same page.