Continuing with the theme of trusting real estate attorneys and brokers with private information, this post examines the responsibility attorneys have to protect confidential information from a cyber attack. Of course there is agency law and duties of professional responsibility that require attorneys to take reasonable steps to protect a client’s confidential information – but what about the information given to other parties in a real estate transaction?
An example may help illustrate the point – let’s say you’re purchasing a home. You have to disclose a lot of information to a lot of people. Unless you’re purchasing through a limited liability company or other corporate entity, you at least have to give your social security number to your attorney for the payment of transfer taxes and the bank if you’re getting a mortgage. The condo or coop board will probably have it, it may get included in a deal sheet, and the brokers will probably see it. And this is a social security number. Financial information, addresses, and certainly identities can be passed around even more freely.
While all the people with access to this information during the transaction are trusted with the information and should be, the probability that any any one of them is hit by a cyber attack in the future is high. For property managers, it can be a matter when, not if.
What steps does an attorney working on a real estate transaction have to take to protect a client’s information when so many others have access to it too? As we saw previously, many buyers want to hide their identity from public records – but what about just keeping private information private? Is it the attorney’s responsibility to make sure the coop board has adequate computer security systems in place? That can’t be the case, but what are the reasonable steps the attorney should take to protect her client’s information?
At the very least, an attorney should discuss the possibility that sensitive information will be in many different hands during a transaction and highlight the possibility that information is stolen in the future. Such a possibility makes a strong case for using a corporate structure to hide the identity of a client.