Hardly a week passes without a scary news story from a major credit card company, bank, or online shopping site that the security of critical consumer data has been compromised. If these data-heavy, security-oriented companies can't adequately protect their sensitive customer information, then how will apartment companies and their business partners be able to accomplish such a task?

Despite the difficulty, though, multifamily firms must find a way. Identity theft is on the rise, claiming 7 million victims between July 2002 and July 2003, according to the Identity Theft Resource Center in San Diego. In such an environment, property owners and managers are finding that the responsibility to protect residents' and applicants' information– and the potential liability if they don't– is falling on them.

"It is a real big issue," says Chris Acker, director of ancillary services at Post Properties in Atlanta. "And it's up to us to set policy."

That responsibility has grown even bigger with the advent of new data destruction rules under the 2003 Fair and Accurate Credit Transactions Act (also known as the FACT Act) that sketch out an obligation to properly destroy certain types of data. "The data destruction rules are very straightforward," says Jeanne Delgado, vice president of property management at the National Multi Housing Council in Washington, D.C. At the same time, though, many apartment firms aren't aware of or don't understand the new rules, an oversight that could prove extremely costly.

Data, Data Everywhere

Drowning in data? You're not alone. Look around just about any office, and you'll find sensitive data anywhere and everywhere– on faxes, in colored file folders, stacked in haphazard piles on an employee's desk, and residing on network servers, desktop computers, and those company laptops that are winging their way across the country with traveling executives.

It's impossible to protect it all– no data is 100 percent safe– but you can safeguard the more sensitive bits, such as a person's credit history, bank account numbers, financial information, job history, and company secrets.

Like money being transported by armored car between banks, data is at its most vulnerable when it is in transit, traveling between two points in cyberspace or on paper from one fax machine to another. But data is much easier to hijack than an armored car. All it takes to seize this information is a savvy hacker, a disgruntled employee, or even an innocent worker whose access to information is simply broader than it should be. After all, despite companies' best efforts to automate, the multifamily industry is still paper-intensive, notes Delgado. "There is so much stuff in paper form," she says, which makes it more difficult to control access.