4 Tips on Data Privacy for Multifamily Operators

Protecting residents’ data is a top priority for owners. Experts at NMHC’s OPTECH conference break down how to keep communities safe.

L to R: Ryan Buchert, Josh Erosky and Jeff Kok speak at a panel on data privacy at NMHC OPTECH 2019 in Dallas.

With great technology comes great responsibility. That was the message from experts speaking on a panel about data security and privacy at the National Multifamily Housing Council (NMHC) OPTECH 2019 Conference in Dallas this week. 

Over the last decade, data breaches have become a major issue for both companies and consumers across the globe. A major breach could expose the personal data of hundreds of millions of users, making companies vulnerable to lawsuits, responsible for costly fixes and suffering harm to the firm’s reputation. Last November, Marriott International revealed that the company’s Starwood reservation system had been hacked and up to 500 million guests of the brand had their personal information stolen.

For the multifamily industry, which has been shifting more and more toward tech for everything from resident screening to smart home technology, protecting residents’ data is more important than ever. Here are the top takeaways from industry experts on what multifamily owners and operators need to know about data privacy.


For sophisticated hackers, buildings with IOT can offer myriad possibilities for entering into a network. And these days, everything from security cameras to light switches are connected through IOT.

“If you think you don’t have IOT, you probably do,” said Josh Erosky, President of Secure Multi-Family.

Panelists urged operators to think about all access points in a community that hackers could potentially use to access the network. With third party security firms, make sure they perform what’s called penetration tests, which check for security vulnerabilities that a hacker could exploit. These can be automated with software applications or performed manually by a security firm.


It all comes down to the contract. Having an airtight legal framework can often be the difference between a costly lawsuit and a safe and secure network. Make sure to look at contracts in detail and make sure they thoroughly address matters related to liability and risk.

“Sit down with your attorneys and find out what matters for you as a smart home provider,” said Jeff Kok, Chief Innovation Officer & Chief Information Officer at Mill Creek Residential.


Collecting data has become commonplace, as advanced technology can easily track even the most mundane activities, like when a resident changes the setting on their thermostat. This kind of info can be beneficial to owners and operators, but it can also lead to residents feeling uneasy.

“This matters to residents,” said Ryan Buchert, Chief Technology Officer at Stratis. “They want to know who’s collecting what info and why.”

Setting a privacy policy and being clear about what information you are collecting and what you are doing with it is important in establishing trust between a community and its residents.

“If they’re perceiving you as Big Brother, that’s going to be an issue for you,” said Kok.


Legislators are getting serious about cracking down on data breaches and how companies collect and use data from consumers. On January 1, 2020, the California Consumer Privacy Act will go officially go into law. The bill was created to protect the privacy rights of residents of California by allowing them to find out who has collected their data as well as requiring companies to delete the data if requested.

California’s privacy law was inspired by the European Union’s GDPR law on data protection and privacy, which officially went into effect last year. In addition to California, 27 other states across the country are looking at or are close to passing similar legislation.  

You May Also Like