Data Security Challenges in Real Estate

Chapter 1: Introduction

1.0 Background information

The property management industry is arguably among the biggest industry globally measured in size and financial valuation. Except of the occasionally growth financial crises such as 2008 global crisis, the industry growth over the years has been steady and it forecasted to have a healthy growth rate of 8.50% in the coming years (Dobson, 2019; PwC, 2019). Globally, both the commercial and private property market has been in arise over the past decade rooted firmly on the growing demands of the office spaces by corporates and comfortable living areas leading to increased and robust leasing demands. According to the report by JLL Global Office Index, in the quarter of 2016, the rent on prime office increased by 2.7% across 95 major markets with 4% growth expection to spill over to between 2017 and 2020 despite global instability concerns (Warren, 2016). Several factors are contributing to the high yearly demand of office and living spaces in most major cities and countries but economic global economic stability is a major contributor and streamlined property management industry (Dobson, 2019; Collinson, 2017). As argued by Warren (2016), the growth posits the increasing responsibilities and ultimately challenges encounters by sales and leasing agencies mapped with property management umbrella. The industry encompassing operating, controlling, and oversighting of real estate, personal property, physical capitals, equipment, and tools with individuals employed within the industry responsible for managing rent, tenants (finding, screening, handling leases, and handling complaints from tenants), maintenance and repairs, financial management, and keeping records. In addition to maintenance of the property, property managers engage constantly with the tenants and other stakeholders such as regulatory agencies, employees, and property owners (Ling, and Archer, 2013; Ball et al., 2013). As pointed by Barwick and Pathak (2015), companies in the industry handles number of duties and responsibilities on the behalf of the owners that include but not limited to dealing with contractors (builders, painters, electricians), handling taxes and utilities, mortgage payments, collection of rents and budgeting, securing tenants, and accounting financial. According to Hoesli and MacGregor (2014), property managers have a duty to the property owner, tenants, regulatory bodies, and suppliers and contractors ensuring implementation of leasing teams, habitable shelters, protection of both the tenants and property, operating within the scope provided by law, and, importantly, being responsible for recordkeeping.

Traditionally, the security ranging from personal to social wellbeing has been a major area of concerns heighten in the wake of 20th and 21st century with nearly, if not, social organizations and governments prioritizing on its elements. In the age of big data where considerable amount of personal and organizational information encompassing lifestyle, occupation, financial status, family information, addresses, organizational secrets, and clients information are held by electronic devices in mobile devices, computers, servers, or stored in cloud computing (Inukollu et al., 2014; Patil, and Seshadri, 2014). Technological advancement comes with not only efficiency ways of accomplishing tasks and enhancement of performance but also tremendous security concerns. In organizational perspective, these data theft compromises significantly its operations by losing intellectual property, business intelligence and secrets, damage of brand equity and reputation, and loss of customer trust. Ordinary individuals are not isolated from these new technological related crimes as personal and private information is in the line that can be explored by criminals. As highlighted by Sharma and Navdeti (2014), unauthorised persons can access data storage system of an organization and getting away with such privileged data and information. Globally, this has steered major privacy and security concerns at both the clients and an organizational levels. Within European zone, particularly, policies have been formulated aimed at holding the data holders (organizations) responsible for protection of such private and personal information outlined within collection, organization, structuring, storage, use, transfer, erasing, and consulting personal data (Kerber, 2016; Victor, 2013). Individuals and organizations in property management industry who are access and hold increasingly high personal information have, recently, been centre of attention on ways in which leasing agents make use of technology and importantly protection of the data in its structural systems as well as transfer. Recent studies have demonstrated more letting agents have shifted from phone calls and emails to engaging tenants and prospective clients through text messaging because of its convenience given that 92% of the UK population have access to mobile phones (Wakefield, 2018; Ofcom, 2016).

1.1 Research aim

Therefore, this study focuses on investigating ways in which letting agents have worked towards ensuring securing and privacy concerns are address in communicating with tenants and other stakeholders through text messaging (SMS).

1.2 Research objectives

With focus of addressing the research problem and aim above, this research will basis its approach on the following objectives

1. To critically review literature on security management focusing primarily on security policies, data protection, privacy, legal regulation requirements, and working practices observed in property management industry

2. To explore the security and privacy measures observed by letting agents while communicating with tenants and other stakeholders through SMS

3. To examine the privacy and data protection measures observed by letting agents within the UK while texting tenants, property owners, and contractors in property management industry

4. To appraise collected data from both secondary and primary sources establishing security management by letting agents within UK

Motivating factors

The key driving factors in undertaking this research is to explore the security measures observed and highlight concerns raised by the clients in property sector. The age of technological advancement and big data comes with numerous security concerns associated mishandling or misuse of personal data. Organizations rooting their operations on direct engagement with consumers normal access and hold considerable high personal information that poses serious security issues if not handle safely. In the recent past, agencies responsible for leasing out and managing property have increasingly adopted technology such as mobile phones and cloud computing to advance service provision and communication with the tenants. Currently, letting agents can communicate easily and cost-efficiently with tenants via text messaging. However, the security and individual privacy concerns relating sharing personal information through text message has been subject to discussion lately.

Being in constant engagement with number of stakeholders in the industry, the property management companies and subsequent agents are in access of considerable amount of data spanning from personal information and financial records of other players such as contractors and suppliers (Warren-Myers, 2012). In some regions such as London or New York City, the agents may hold astronomical personal information ranging from addresses, family details, financial and bank records, and private and health information to educational background, sexuality, beliefs, and opinion, which to some can be secret better remain hidden. In addition to upholding tenants’ trust in ensuring individual private life remains private, this information in wrong hands can significantly compromise the security of the affected persons. As such, expose the clients’ sensitive information and data to potential security risks from the unauthorised persons and being lost through mishandling. In the wake of technological advancement, most of the firms in the industry have adopted numerous technologies aimed at streamlining the service provision, engagement with stakeholders and management of day-to-day activities. According to Poon and Brownlow (2014), property managers have integrated such technological elements as cloud computing and management software to centralise operations through sharing information, collaborating with other players, setting reminders and alerts, and enhancement of stakeholders’ relationship. As argued by Korngold (2015), the increasing adoption changes brought by technological advancement in the industry has aided in automation of systems and processes while gearing into enhancement of tenants experiences. One of the most notable changes supported by technology is streamlining management processes and financial reporting where the agents can share with the client such information directly through emails and lately short messages (SMS) or WhatsApp via mobile phones.

Eraker et al. (2015) noted that the information handled by the property managers and agents is overwhelming and showing no signs of reducing. This has forced agents to adopt data visualization and analytic tools in managing and organizing data focused on ensuring accuracy, customization of services, and elimination of redundancies. For example, an agent can easily scan for information determining the financial status of an individual to get an extent of exposure before leasing out a property or dealing other business entities in the field. In some cases, the agents can outsource the services of data analytic companies to analyse and then share the same with the client. Recently, reports have emerged showing increased agents-tenants communication through mobile phones compared to other means such as emails due to ease in which one can be reached any time and place (Sanderson, 2016). Surveys indicate that in attempt to foster good relationship housing agents have fostered regular communication with tenants via phone call or texting (Hickman et al., 2018; Sanderson, 2016).

Research questions

The above assertions give rise to number of questions. First, in line to the security concerns brought technological integration into the property management, how do letting agents prioritize on the security measures and elements while communicating with the client via SMS? Secondly, to what extent do the letting agents establishes the security measures in handling data and privilege information of the clients? Given that societies are increasingly inclined to the privacy due to security concerns attached to it, how does letting agency work towards ensuring the clients’ privacy is maintained and prioritised?

Scope of the research

Primarily, this study aims to explore the security and privacy measures observed by letting agents when communicating with the clients (tenants) via SMS. In order to address this, it will focus on establishing the relationship and attributes of security and privacy within the property management environment. One approach of doing this will be to review and analysis critically the previously conducted studies capturing the security policies, data protection, legal regulation requirements, privacy, and working practices observed in the field. The expectation in researching the variables of the studies is that, it a wide field demanding in depth understanding of the structure elements observed by organizations and letting agents backed by data from several participants. It intends to measure the findings in terms of the security perception held, view of tenants privacy, structure put in places, and degree to which letting agents perceive security and privacy of the tenants during communication through SMS.

Chapter 2: Literature review

Estimated to be worth billion dollars globally, the private rented industry either commercial or residential tenure has been growth steadily over the years. According to Dee and Rahman (2015), security management of such a vast industry is essence under letting agency who coordinate tenants and managing the property. As highlighted by Patil and Seshadri (2014), organizations have increasingly integrated new and better ways of communication to reach out and enhance engagement with prospective clients and customers. Occasionally, the responsibility of finding and managing the tenants is solely left to letting agents meaning they can obtain and access personal and confidential information ranging from financial records, family information, occupation, and addresses as well as travelling and scheduling information. Arguably, although the focus of most studies lean on the security issues emanating from letting agents misuse or mishandling the clients personal information, security concerns related to agents dealing with strangers in unfamiliar areas also pose a security threats. Dobrian (2015) highlighted that in addition to physical threat posed to both clients and agents vulnerability associated to cybercrimes emanating from unauthorised persons or mishandling of the electronic data. Studies have demonstrated the most common cyber vulnerability include email compromise (BEC), Generic Malware, Ransomware, Mortgage Closing Wire Scam, and SMS fraud. Aimed at streamlining the services provision, the companies in the industry have increasingly adopted information technology to store and transfer clients detail. According to Mani et al. (2014), tenants are always hold concerns concerning sharing their personal information due to privacy and security issues. Souppaya and Scarfone (2013) argued purported that organizations holding or in access of individuals data have responsibility of ensuring they are safe and privacy upheld.

Studies conducted within the UK healthcare system and, by extension, European region on the use and security concerns faced by the use of text as mode of communication between patient and medical providers have found the need of formulating security policies and measures aimed at addressing concerns on privacy and personal data (Drolet et al., 2017; Bélanger, & Crossler, 2011). According to Huang et al. (2009), structure elements supporting the policies and culture prioritising on clients’ privacy and security basis of development of a centralised system that authenticate the user before accessing or sending data. Moreover, these studies focusing on SMS confidential information demands setting a trust and beliefs grounded on cognitive and effective attitudes from both parties on physical and emotional effect caused by mismanagement of security and ones’ privacy (Reamer, 2013). The prominence of SMSs in the healthcare where patients engaged directly and regularly with medical providers on matters related to their health has led to emphasis of integrity, standards, and cultural elements by individual access or holding clients’ data. As argued by Team (2017), the implementation of General Data Protection Regulation (GDPR) in 2018 requiring clients consent, safe handling of data, and holding organizations accountable for any data breach during storage or transfer highlighted the extent to which privacy and data protection has gained roots in modern society. The findings by Mani et al. (2014) argued that setting in place structural elements while making sure both the staff and employees understand the threats such as stalking, cybercrimes, and physical attacks associated with sharing and mishandling of personal information. Based on these principles building the regulation, individuals in access and handles personal information and data perceived confidential and private are bounded legally to bear responsibility in ten event of breach or misuse of such data whether during storage, transfer, or processing. Studies have looked in the concept of dynamic consent emphasizing on individuals agreeing to receive or his/her personal information to be used as essential elements in improving privacy and advancing data protection. Nevertheless, according to Hallinan et al. (2012), extra structural composition are required to ensure security and privacy in a ‘real’ world particularly in curbing issues related to legal pluralism, data protection, internet regulation, and trans-border transfers, which can be considerably challenging.

Chapter 3: Methodology

3.0 Research approach

Ideally, the concept of research methodology based on the descriptive techniques and roadmap outlining the ways of identifying, selecting, examining, and analysing data into usable information aimed to address the research topic. Kumar (2019) contended that a methodological approach followed by a study allows evaluation of reliability, validity, and criticality of the research on answering research questions and outlined aim. As a research ideological framework, this research will adopt interpretivist concept acknowledging and appreciating that security and privacy are multi-faceted variables where individuals having different perspective and ways of attaining personal or general secure and private environment. Building from its core beliefs that perception of reality is intersubjective based on individual meanings and understandings of his/her surrounding whether socially or experientially, this study will perceive that security and individual privacy in construed on one’s living environment and relative to time and culture. Furthermore, it will perceive that attainment of true secure environment and privacy linked to tenants-letting agents’ relationship and interaction is largely depended on cooperative and interactive input from both parties even though laws and regulations are in place. As a research approach, this study aims to have a deep understanding and establish the links between the security management and data handling by letting agents on whether it actually compromises one privacy and security and, if yes, to what extent. The focus will be grounded on tenants and letting agents’ point of view on ways that insecurity and upholding individual privacy can be enhanced but retaining SMS texting between the two as convenient and cost-effective way of communication. As such, it will employ qualitative research approach. According to Corbin et al. (2014), the approach is based on exploring and gaining deeper perspective of the problems outlining the underlying reasons and factors hence perceived suitable in addressing adequately the aim and objectives of this research.

3.1 Data collection and analysis

Data collection in particularly in academic research consists of processes acquiring information that would provide answers and addresses the forwarded topic, aim, and formulated questions satisfactorily and adequately. As pointed by Wilcox et al. (2012), a research can either take a primary or secondary approach in acquiring data with the former taking interactive approach by engaging directly with participants or variables through such techniques as questionnaire, interviews, or experiment whereas the latter using data and information from previously conducted research to address the problems outlined. This study aimed to investigate the security measures observed by letting agents capturing the security concerns and privacy elements in using SMS as mode of communicating between the two, it will interact directly with both the letting agents and tenants as well as other stakeholders such as contractors, suppliers, and landlord in the field. Presumably, this primary research approach will aid in developing an insight into the research topic. The questionnaire will comprise of both open- and close-ended questions filled through online platform, survey monkey. The sample population will be 150 participants consist of tenants, landlords, letting agents, and contractors/suppliers. The sampling process will be random but before participation, the individuals will have to indicate they have directly linked to letting agents through regular communication. The potential participants will be invited to participate in the research by sending request through social media, email landlord and agents whose addresses are in public domain, and reaching the tenants directly. The collected data will be examined for reliability and relevance before being analysed using thematic analytic tool.

3.2 Ethical consideration

In addition to ensuring reliability and relevance of the collected data, researcher will represent both primary and secondary data and information accurately will striving to avoid biasness and maintaining authenticity and truthfulness of the research. Moreover, the participants and other relevant authorities (university) will be informed the scope of the research including the aim, research problem, use, and handling of acquired data prior to their participation.

References

Ball, M., Lizieri, C. and MacGregor, B., 2012. The economics of commercial property markets. Routledge.

Barwick, P.J. and Pathak, P.A., 2015. The costs of free entry: an empirical study of real estate agents in Greater Boston. The RAND Journal of Economics, 46(1), pp.103-145.

Cushman, R., Froomkin, A. M., Cava, A., Abril, P., & Goodman, K. W. (2010). Ethical, legal and social issues for personal health records and applications. Journal of biomedical informatics, 43(5), S51-S55.

Dees, K. and Rahman, S., 2015. Enhancing Infrastructure Security in Real Estate. arXiv preprint arXiv:1512.00064.

Eraker, D., Dougherty, A.M., Smith, E.M. and Eraker, S., REDFIN CORP, 2015. Web-based real estate mapping system. U.S. Patent 9,213,461.

Hallinan, D., Friedewald, M., & McCarthy, P. (2012). Citizens' perceptions of data protection and privacy in Europe. Computer law & security review, 28(3), 263-272.

Hickman, P., Pattison, B. and Preece, J., 2018. The impact of welfare reforms on housing associations: a scoping study. Project Report. UK Collaborative Centre for Housing Evidence.

Huang, L. C., Chu, H. C., Lien, C. Y., Hsiao, C. H., & Kao, T. (2009). Privacy preservation and information security protection for patients’ portable electronic health records. Computers in Biology and Medicine, 39(9), 743-750.

Kaye, J., Whitley, E. A., Lund, D., Morrison, M., Teare, H., & Melham, K. (2015). Dynamic consent: a patient interface for twenty-first century research networks. European Journal of Human Genetics, 23(2), 141.

Koops, B. J., & Leenes, R. (2014). Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’provision in data-protection law. International Review of Law, Computers & Technology, 28(2), 159-171.

Korngold, G., 2015. Real estate transactions: cases and materials on land transfer, development and finance. West Academic.

Ling, D.C. and Archer, W.R., 2013. Real estate principles: a value approach. McGraw-Hill/Irwin.

Mani, D., Raymond Choo, K.K. and Mubarak, S. (2014). Information security in the South Australian real estate industry: A study of 40 real estate organisations. Information Management & Computer Security, 22(1), pp.24-41.

Patil, H.K. and Seshadri, R., 2014, June. Big data security and privacy issues in healthcare. In 2014 IEEE international congress on big data (pp. 762-765). IEEE.

Reamer, F. G. (2013). Social work in a digital age: Ethical and risk management challenges. Social work, 58(2), 163-172.

Sanderson, D.C., 2016. The tenant as customer: does good service enhance the financial performance of commercial real estate? (Doctoral dissertation, University of Reading).

Sharma, P.P. and Navdeti, C.P., 2014. Securing big data hadoop: a review of security issues, threats and solution. Int. J. Comput. Sci. Inf. Technol, 5(2), pp.2126-2131

Shin, D. H. (2010). The effects of trust, security, and privacy in social networking: A security-based approach to understand the pattern of adoption. Interacting with computers, 22(5), 428-438.

Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS quarterly, 35(4), 989-1016.

Souppaya, M. and Scarfone, K. (2013). Guidelines for managing the security of mobile devices in the enterprise. NIST special publication, 800, p.124.

Team, I.P., 2017. EU general data protection regulation (GDPR): an implementation and compliance guide. IT Governance Ltd.

Victor, J.M., 2013. The EU general data protection regulation: Toward a property regime for protecting data privacy. Yale LJ, 123, p.513.

Voigt, P., & Von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR). A Practical Guide, 1st Ed., Cham: Springer International Publishing.

Wilcox, A.B., Gallagher, K.D., Boden-Albala, B. and Bakken, S.R., 2012. Research data collection methods: from paper to tablet computers. Medical care, pp.S68-S73.