December 6th - 2005

What’s in your PDA is private

The functionality and portability of a personal digital assistant (PDA) makes it an indispensable tool for a growing number of REALTORS.

The functionality and portability of a personal digital assistant (PDA) makes it an indispensable tool for a growing number of REALTORS. A typical PDA can be used as a cellular phone, fax sender, Web browser and personal organizer. While on the road, REALTORS can stay connected to their clients, prospects and to their brokerage office by having their e-mail forwarded directly to their PDA. Back at the office, the PDA can be synchronized to a personal computer to update data in both computing devices.

Even though individuals are likely to closely guard their PDAs, the small size and constant mobility of the handheld devices make them more 0likely to be stolen, misplaced, or lost. When that happens a REALTOR has not only lost access to his/her “portable office” but has also risked unauthorized access and disclosure of the confidential and personal information that is stored in the device without use of security safeguards.

What’s law got to do with it?
By now, Ontario REALTORS have seen the extent to which the Personal Information Protection and Electronic Documents Act (PIPEDA) bears on all aspects of their day-to-day activity in their collection, use and disclosure of personal information.

In the case of PDAs, personal information must be protected by security safeguards appropriate to the sensitivity of the information. The security safeguards call for protection against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification (PIPEDA 4.7 Principle 7 – Safeguards and Principle 7 of the CREA Privacy Code–Protecting Information, links to both of which can be found at http://www.orea.com/index.cfm/ci_id/1440.htm.)

As an individual
Everyone in a brokerage has fiduciary and legal responsibilities to a client, so e-mails, electronic copies of address books, phone histories, memo pads, saved messages and any other confidential information pertaining to your client or your organization should be protected in case of theft or loss, or erased if you decide to sell your PDA (or laptop or BlackBerry for that matter.)

To remove all data some devices like the TREO have a reset button while the BlackBerry instructs you through a series of steps in its security settings. See http://www.palm.com/us/support/downloads/security_update.html or http://www.eaccess.com/Support/BB_FAQ_General.htm for more information. If it all seems too daunting, contact your IT support professional for assistance.

As an organization
The methods of protection are far reaching and should include physical measures, organizational measures and technological measures. As a starting point, consider having 1) a written security policy to establish rules and standards for PDA/BlackBerry users, IT administrators and managers to follow (including rules for storing sensitive information on the device – i.e. encryption), and; 2) education and training to increase awareness regarding security risks and to explain the responsibilities of both users and managers.

Best practice guidelines are also useful:

Institute wireless handheld device policy that mirrors PC security policy

  • Have handhelds managed and secured appropriately by the IT dept. (e.g. authentication standards, “power on” password access, idle time auto-lock/”screensaver”, port protection, etc.)
  • Ensure IT department maintains a list of authorized handheld device users
  • Label devices with a telephone contact number “if lost”
  • Protect the devices from theft or loss; store it in a secure area when not in use
  • Report lost or stolen device to IT department (to disable or lock device when applicable)
  • Include in the employee exit procedure a process to handle individual property that is used for and contains both personal and work data (i.e. if item is company property - return of device; if device is individual property - removal of sensitive information and clearing of configuration settings by IT department to prevent the disclosure of company and network information)

Cautionary Tales
Two cautionary tales about the pitfalls that occur when proper safeguards are not used for mobile computing devices are highlighted in Privacy Matters! a privacy newsletter for Ontario’s REALTORS – November 2005 issue. One story involves a BlackBerry that was owned by a VP of a large US financial services firm and sold by him on e-Bay, with all of the confidential and personal information still in it. The other is a summary of a Privacy Commissioner Decision involving a laptop computer that was stolen from a bank employee’s locked vehicle. It contained personal and confidential information about countless bank customers. Find out more by going to http://www.orea.com/index.cfm/ci_id/1440.htm.

To subscribe to the OREA Privacy Matters! newsletter, Ontario REALTORS need only log on to MyOREA to visit www.orea.com/index.cfm/ci_id/8009.htm and complete the subscription form.

Share this item

Merv’s Column: Can’t rely on old survey What the Blog is that?

For more information contact

Ontario Real Estate Association

Jean-Adrien Delicano

Senior Manager, Media Relations

JeanAdrienD@orea.com

416-445-9910 ext. 246

OREA AI Assistant