PROPERTY MANAGEMENT BLOG

Identity Theft in Associations

System - Monday, November 28, 2016

As most are aware, identity theft is rampant, with South Florida one of the highest risk areas. What kind of risk does a condominium have? While you may not be an attractive target to an organization such as WikiLeaks, you are still a target. More than most would imagine. Think about it. Major firms have major protection levels, so only major hackers are interested in them. But smaller firms, such as your association, still have data that identity thieves would love to have, and they know you are unlikely to have strong protection. After all, why would you? You’re not a target... or you weren’t, until now. ID thieves are now targeting small operations, knowing that often their theft won’t even be identified until the data is sold and used.

Identity thieves are looking for personally identifiable information (PII): any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. PII can be considered sensitive or non-sensitive. Non-sensitive data are items that can be easily garnered from public records, phone books, and websites. Sensitive PII is information which, if stolen, could be harmful to the individual breached. This data includes items such as health data, social security numbers, or even passport numbers.

So, how does this affect your Association, and you? Imagine how much PII you have on property, for your owners, their families, tenants, even employees. You could easily have data on hundreds, even thousands, of individuals. Is it kept secure? Is there limited access to it? Or can anyone who gains access to your office also gain access to the files? If you do not properly secure and store data such as this, both you and the Association could be held liable if the Association’s data were breached.

Employee Data

Almost all files relating to your employees contain sensitive PII, including their original employment application, hiring paperwork (W4s and I-9s), insurance applications, and ongoing payroll records. Keep in mind that much of this information is not needed on a regular basis. Therefore, it could be sealed and put away. Place it in an envelope, seal it, initial the seal, and tape over the seal. Then, you’ll know if anyone opens the envelope. Weekly payroll records should not include social security numbers. Most payroll systems allow the option of masking the social security number on reports, showing only the last four digits – if the data is not masked in your reports, make the request!

Tenant Data

Almost all Associations require potential renters and owners to complete an application, which often contains sensitive PII. Again, like with employees, this data need not be readily accessible once approval is issued. As with employee data, put all sensitive data (including that screening report!) into an envelope and seal it. Not only does this help protect that individual’s sensitive data, but it also makes record requests simpler. If an owner requests access to another’s file, you don’t have to worry about reviewing the entire file and removing the protected data first. It’s already separated and sealed.

Computer Data

How much of this data is on your computer? Think applications, screening data, payroll data. Ensure your computer, and any other with access, is properly protected. Use strong passwords to log in to Windows and any software that would access such data. Make sure you log off whenever you leave the computer. Any connected backup drives should be encrypted. Backup portable drives or CDs should be stored in a secured file cabinet or safe. Encrypt your hard drive: use BitLocker or a similar encryption tool.

There’s no way to guarantee that the data you are custodian of won’t be breached, but the trick is to make sure you take all reasonable steps to protect it, to limit your, and the Association’s, liability in the event of a breach.

Want to know how to protect your own data, or how to help your residents and employees protect their data? Look for my blog on Thwarting Identity Thieves.