Most of the recent attention of the real estate industry has been focused on the long running dispute between the Department of Justice and NAR over the VOWs policy. The DOJ and others are targeting the information advantage and perceived pricing power of real estate brokers that they believe is manifest in the rules of Multiple Listing Services (MLS).

A new data presentation policy will be developed that may meet with the approval of regulators, legislators and practitioners. But don't expect it to bring peace or stability to the industry. The federal government has always played a major role in how information is managed and protected in most industries, and real estate's exemption is coming to an end.

The DOJ wants to see changes in the policies that define how MLSs operate so that all consumers and brokers have fair access and use of real estate information. Meanwhile, Congress will likely be voting on legislation to ensure that information brokers have the necessary controls in place to prevent unauthorized access and use of many types of information used by real estate practitioners.

The recent disclosures of information security breaches by ChoicePoint, Bank of America, Lexis Nexis and many others have shocked the public and exposed how vulnerable individuals are to the compromise of their personal information. The "Information Protection and Security Act" (IPSA), is the legislative response, and the Federal Trade Commission, another federal regulator, will determine by the end of the year if and how IPSA will apply to MLSs.

MLSs don't traffic in social security or credit card numbers, but a few license data for commercial purposes. The FTC may decide that MLSs don't fit the definition of "commercial information brokers" that are the primary focus of the legislation. The opposing viewpoint is that they will conclude that MLSs receive data from a variety of sources, compile, aggregate and publish information that includes the personal information. The information that MLSs manage is used by consumers, commercial and government organizations for a variety of purposes. MLS revenues are a small fraction of the information services industry, but the transaction they support is at the top of the consumer food chain and the focus of other unwanted federal attention. You make the call.

Disclosure of breaches and possible penalties for security malpractice will bring additional cost, complexity and risks to the information brokers that have had years to absorb the dictates of precursor regulation. IPSA compliance for MLSs is likely to mean:

• Developing information security policies that are mandated for participating brokers

• Creating oversight and enforcement programs to mitigate new liabilities

• Modifying agreements with trading partners, contractors and vendors

• Investing in information security technologies and management skills

The so-called blended IDX/VOWs policy will get an assist from federal legislation that may determine what "appropriate data security" means. For example, strong authentication, tracking of information flows, identifying vulnerabilities, preserving the integrity of sensitive information and disclosing potential breaches.

Information is the life blood of the real estate industry, and legislation is a blunt instrument. Changes in the rules about how information is presented, distributed and controlled are coming from DOJ, FTC, Congress, the NAR and others. There will be unintended consequences. Until the fog clears give the NAR credit for taking on the DOJ and creating the Information Security Guidelines that can help their members deal with the next shoe -- before it drops.

Published: June 23, 2005

Use of this article without permission is a violation of federal copyright laws.

Jack Horton is Managing Partner of the Secure Content Group, an information strategy consulting firm in Washington D.C. serving financial services, pharmaceuticals, government and real estate. Mr. Horton’s career has included positions as: IBM Director of Market Operations responsible for the company’s business affairs with its largest customer, the U.S. Federal Government. CEO of GetActive Software, the leader in member relationship management software for major non-profit organizations. SVP Market Development for Equifax Secure, responsible for developing a managed public key infrastructure (PKI) service for Equifax the largest U.S credit reporting agency. Senior Principal at Booz·Allen & Hamilton, leading the practice that developed Internet based application services for the chemical, retail and banking industries. Mr. Horton holds a BA in economics from the University of Wisconsin-Madison. He has participated in executive education programs at Harvard University, IBM’s Advanced Management Institute, Brookings Institution, Darden School of Management at the University of Virginia, and the Aspen Institute’s Center for Communications and Society. For more information, you can contact via email at jhorton@securecontentgroup.com or visit his website Secure Content Group.