The best way to avoid a data breach is to not have data.
European Union (EU) created this recent annoyance: General Data Protection Regulation (GDPR). U.S. tech companies are jumping through hoops to comply. But here in the USA there is a major problem that's being ignored: real estate entities are collecting bank loan type data from potential condo buyers, even though condominiums are real estate as opposed shares in a co-op apartment building corporation. And it happens even if it's an all cash deal.
Oh, and if a condo owner wants to rent the apartment, the renter must fill out the same paper work, even though the unit owner is responsible for paying common charges.
But who maintains that data? Probably the management company, which is not exactly IBM, especially outside Manhattan.
How and when is that data purged? If a renter leaves or an owner sells, does that data get purged? Does a person have the right to review the data kept?
Where is the GDPR level of concern in all this?
Condos Steal a Page (or 20) From Co-ops nytimes.com By JULIE SATOW JULY 14, 2011
... the board president at 255 Hudson Street ... defended the building’s vetting process. “Our board application is as standard as they come for condos right now,” he said. “We do best practices and our management company advises us if they see any red flags.” ...
In the wake of the recession, an increasing number of condominium boards are hoping to weed out financially questionable buyers by requiring extensive application packages. Demands can include years’ worth of federal tax returns, detailed lists of all assets and liabilities, several letters of references, and even board interviews...
... condominiums ... are turning to this strategy because they have no real power to reject an applicant. The only tool at their disposal is the right of first refusal, which allows condominium boards that are unhappy with a buyer to purchase the unit themselves or designate a buyer for the same price. But few buildings can afford to do so.
“It is a bullying strategy — condominium bullying,” said Adam Leitman Bailey, a Manhattan real estate lawyer. “If a condominium has a questionable buyer, they’ll just keep asking for more and more information, dragging things out, until the buyer walks away.”..
It is the condo boards, and not the management companies, that decide on the extent of the application package ...
“Right now in New York City, the only place that you are not being asked questions is when you buy in new construction,” Ms. Teplitzky said. “All they ask is for your name and your money.”
______________________________
Ah, like the good old days ... about ten years ago in Manhattan and maybe three years ago in Westchester County, NY. I first discovered it in December 2017. I cancelled a deal because of it at a brand name condo. At first I thought it was a Bernie Madoff scam: make the prospective buyer feel like they don't sell to just anyone, only to special people. I have a hunch that it started that way and that lower level companies simply played copycat.
At the very least, condo and co-op boards should be held responsible for any data breach. They should not be insulated by a management company that could disappear.
How about some USA legislation on this?