From: National Real Estate Investor

John C. Amabile & Alex Galvan

In the aftermath of multiple reports of data security breaches, much of the conversation regarding cyber-attacks has focused on the retail industry. The looming cyber-security threat, however, is not limited to industries with a point-of-sale component. Indeed, as reflected in recent news, broad definitions of “personal information” render a wide range of non-retail industries vulnerable to potential liability due to a data security breach. One perhaps unwary industry which should take a step back to analyze its risk is that of REITs.

The definitions of “personal information” which REITs (and others) will possess come from various state laws. While each state’s statute differs, each provides a definition of “personal information.” For example, in Georgia, “personal information” consists of information that, if compromised, would allow for the possibility of identity theft. Typically, this includes an individual’s name along with another piece of sensitive information, like a social security number, a bank account number or other financial account number (along with the corresponding personal identification number).

Read Complete Article