New technologies like smart-apartment upgrades are providing multifamily companies with the increasing capability to collect large amounts of data about their residents. But along with that ability to collect so much information comes the responsibility of protecting it.

“We have to be proactive and transparent in our policies around data so we can [reassure] both our prospects and our residents about how we’re using it, if at all,” says Stephanie Fuhrman, managing director of technology services at Greystar.

To quell any concerns, it’s best to update the lease agreement with language regarding what data are being collected and how they’re being used. For example, if you’re collecting data from residents’ smart thermostats, it should be expressly stated whether the manager can track what each resident is doing or if the data collection is just aggregated from all units to provide information such as average temperatures in the building or percentage of units set to the “away” mode.

Fuhrman warns that accessing a resident’s smart home technology could be a breach of privacy. For that reason, accessing smart features remotely should be treated no differently from providing 24-hour notice before physically entering a unit.

“The use of data and technology needs to align with current policies and procedures,” Fuhrman says. “We need to comply with real estate law and utilize strong national practices to balance the use of data.”

The new technologies, and the software used to run them, put properties at an increased risk of a ­cyber ­attack. To minimize that risk, most property managers appear to be reverting to policies similar to those they use for personal information such as Social Security numbers, promising to protect the data and not share it.

Some managers, however, have shrugged off privacy concerns regarding smart technology, rationalizing that would-be hackers could obtain only benign information, such as utility usage. But there are deeper concerns, such as the potential to hack residents’ locks, or even use their home technology as a gateway to software holding tenants’ personal information. For these reasons, owners and managers should update their insurance policies and third-party contracts to clarify who holds responsibility in the event of a cyber attack.