323.APARTMENTS takes resident personal identity information very seriously. Any staff member who views (and processes) your rental application form is a real estate broker and has submitted his/her fingerprints to the DOJ (Department of Justice) and the FBI (Federal Bureau of Investigation) as a licensing requirement of the Bureau of Real Estate.
323.APARTMENTS does not accept hardcopy application forms nor application forms sent via email.
- Hardcopy application forms are not accepted if other methods are available to the applicant. Hardcopy applications may be physically misplaced, lost, or even compromised. Under special circumstances when hardcopies are accepted, they are scanned and the original paper is shredded with a Level 6 / P-7 DOD (Department of Defense) crosscut paper shredder which meets NSA/CSS Specification 02-01 for High Security Crosscut Paper Shredders.
- Email application forms are never accepted. Applications sent via regular email are not secure and may be intercepted by man-in-the-middle attacks or compromised by viruses, trojans and other malicious technology.
- 323.APARTMENTS does not allow applicants to transmit any keyboard-typed personal data (except applicant name) on web-based application forms. This protocol specifically eliminates vulnerabilities to keyloggers, and databases that store digital ASCII characters into separate fields which can subsequently be searched for sensitive information. This vulnerability is most common with banks and healthcare providers.
- 323.APARTMENTS mitigates many vulnerabilities by using end-to-end encryption between all client-server connections. Furthermore, rental application forms are housed on Amazon AWS web servers, which also provide service to the CIA, Netflix, Expedia, Pinterest, Amazon.com, Pfizer, Dow Jones and other major enterprises.
- Pursuant to the Information Practices Act of 1977, no disclosure of personal information will be made unless permissible under California Civil Code Article 6 Section 1798.24. Resident personal information is never released for marketing purposes.
Who does CalOPPA apply to?
CalOPPA applies to any person or entity that owns or operates a commercial website or online service that “collects and maintains personally identifiable information from a consumer residing in California who uses or visits” said website or online service. CalOPPA does not apply to Internet service providers or similar entities that transmit or store personally identifiable information for a third party. In 2012, the California Attorney General’s Office specifically applied CalOPPA to mobile applications for smartphones and tablets that collect personally identifiable information. Hundreds of apps providers were notified that they were in violation of CalOPPA, and they were given 30 days to submit compliance plans or face fines of up to $2,500 for each time their app was downloaded. In this vein, 323.APARTMENTS support area users are preregistered and have executed consent signatures regarding the use of their personally identifiable information within the website.
What is “personally identifiable information”?
As legally defined, “personally identifiable information” refers to details collected on the Internet about an individual consumer, including an individual’s first and last name, a physical street address, an email address, a telephone number, a Social Security number, or any other information that permits a specific individual to be contacted physically or online. The term extends to details such as a person’s birthday, height, weight or hair color that are collected online and stored by an operator in personally identifiable form.
What is required under CalOPPA?
- A list of the categories of personally identifiable information the operator collects;
- A list of the categories of third parties with whom the operator may share such personally identifiable information;
- A description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information as collected by the operator;
AB 370 Requires New Privacy Disclosures
- Disclose how a business’s website or online service responds to Do Not Track signals from Web browsers.
- Disclose whether third parties may collect visitors’ personally identifiable information on a business’s website or online service.
What are the consequences of noncompliance?