Commercial Web sites typically include a link to a privacy policy at the bottom of the site's main page. Some of these policies can run several pages in length. The National Association of Realtors-affiliated Realtor.com Web site, operated by Homestore, is one of the top home-search destinations on the Internet. Its privacy policy is 10 pages long when printed. The following are excerpts from the site's privacy policy:

"Automatic Collection of Information: Like many Web sites on the Internet, we automatically track certain information about you as you visit and use our Sites to help us to better understand how the Sites are being used and how we can enhance your overall experience on each Site and improve the information, Site functionality, products and services that we (and our advertisers and partners) provide to you. This information may include, for example, your computer's Internet Protocol ("IP") address, the URLs and Site pages you've visited, the number of times you visit each Site page, what downloads and/or search queries you have made, how long you spent on particular sections of each Site and on each Site generally, and your browser type. This automatically gathered data includes information provided through the use of 'cookies.'

"As you visit the Sites, be aware that third parties may at times be able to gather information from and about you. For example, third party advertiser servers, companies that place advertisements on the Sites, our partners and affiliates, and other companies offering products or services through one or more of the Sites may use cookies to collect, store and use information about you and may collect information that you submit. Homestore affiliates, partners, service providers and other entities that have links on one or more of the Sites may also collect information about you when you visit their Web sites or otherwise communicate with them.

"Information from Cookies: Cookies are small files that we send to and store on your computer so that we can recognize it as a unique machine the next time you visit the Sites. Our cookies are used for three purposes: (1) to keep track of your information for your own convenience; (2) to help us optimize your online experience by altering our content depending on your particular needs or browsing patterns, and to provide you with advertisements, products and services that we believe will be of interest to you; and (3) to help us understand the size of our audience and their traffic patterns within the Sites. You are always free to decline any cookies we use if your browser permits. Some of our advertisers and third-party service providers may also utilize their own cookies. Also, companies offering products or services through a Homestore Web site may use their own cookies."

The privacy policy at Realtor.com, a National Association of Realtors-affiliated Web site is 10 pages long if you decide to print it out. If you read it on your computer screen, that's a lot of onscreen mouse-scrolling. But it is light reading compared with the 45-page final federal rule that stems from the federal Gramm-Leach-Bliley Act of 1999. That act applies to real estate privacy for appraisers, mortgage lenders and mortgage brokers, among others.

The list of federal and state privacy laws is, in itself, a lengthy read, and real estate associations have worked to keep members abreast of new and pending laws in the privacy arena.

But as a practical matter, enforcement of the laws is weak, and consumers often have little recourse even if there are privacy violations. In this modern economy that is increasingly linked to the collection, control and transfer of data, the privacy issue will continue to be a matter of public debate and a factor in public policy, they say.

"I don't think there's any question right now that privacy laws are going to become some of the more prevalent laws passed," said Mark G. McCreary, a lawyer at Fox Rothschild in Philadelphia who is an expert on intellectual property law, Internet law and privacy law. "I think they're overdue at this point."

Existing privacy laws don't offer a lot of recourse for consumers in the event their private information is released, he said. "You have to prove how you were hurt - without proving damages you don't have much to go on," McCreary said.

While many states have passed privacy laws, new federal legislation could give legislative teeth to these state laws, he said, especially as they related to e-commerce. In the case of junk e-mail, often referred to as spam, he said there are so many companies that don't play by the rules and existing legislation has not been effective.

So far, there haven't been a large number of enforcement actions taken for privacy violations, McCreary said. "It has been quite limited in scope - it has not been significant," he said. And because of this, it's quite possible that some companies are knowingly violating the rules and banking on the assumption that they will not get caught. He said these companies may be "ignoring the law - 'Take your chances and hope you don't get caught.' "

Large financial services companies, such as banking and credit firms, are most likely to abide by privacy rules, he added, as they may have the most to lose. But corporate policies are not enough to guard against privacy breaches. There have been cases where employees have stolen data from their employers for the purpose of using, selling or transferring that data. And security breaches can also come in the form of outside cyber-attacks that are aimed at gaining access to customer or employee personal information.

Linda M. Johnson, a spokeswoman for the National Association of Realtors, said the association launched a Realtor Secure certification program last year that sets standards for data security. In order to receive certification, companies must complete a self-review, select a third-party evaluator from a list and undergo a final approval and certification by the association's Center for Realtor Technology.

Realtors' telemarketing efforts are also subject to Do Not Call and Do Not E-mail laws, Johnson said, and the association has produced a list of questions and answers regarding these laws and produced a field guide to aid members about this anti-solicitation legislation. Our state associations have undertaken similar educational efforts to keep their members up-to-speed," she said.

The association collects home address and home phone numbers of its more than 1 million members, but does not display this information online in any directories, Johnson said. "In addition, anti-screen-scrapping techniques have been implemented to prevent the collection of public information on our members by automated means," she added. And the association pays two outside firms to perform security scans of its network seven times a year, she said.

"MasterCard requires NAR to pass four security scans annually in order to continue use of their services," she said. "In addition, NAR independently has three penetrations tests performed to determine if any weaknesses exist in the network. If any are discovered, they are immediately resolved."

The association, which has a strong lobbying arm, is now keeping a close eye on federal legislation that applies to the use of faxes, and is also following the provisions of the Fair and Accurate Credit Transactions Act that relate to affiliate sharing of consumer information for marketing purposes, Johnson added.

June Barlow, general counsel for the California Association of Realtors, said Realtors typically don't handle the type of consumer personal information that is at the core of many privacy laws, and as a result real estate agents are largely "at the edges" of privacy legislation unless the real estate brokerages are also in the mortgage loan business. The information that is typically the subject of privacy laws is more applicable to mortgage loan companies, she said.

The California Online Privacy Protection Act, a new privacy law in California that went into effect July 1, shouldn't have much impact for the online real estate industry, she said. "The people who are in the online world...pretty much stay on top of that," she said, and the legislation was "not remarkable" among the hundreds of other pieces of legislation that the association tracks for its membership each year.

If the association received a consumer complaint related to privacy, Barlow said it would likely direct that complaint to the real estate broker who is the subject of the complaint. "We're not a decision-maker in that. That is something that would be between the consumer and the broker."

The Direct Marketing Association, a trade association that represents direct, database and interactive global marketers, and has about 4,700 member companies in the U.S. and abroad, has a committee that reviews complaints relating to consumer privacy. "We do monitor and make sure that these companies are doing what they say they are doing," said Jordan Cohen, public policy manager and spokesman for the association.

The group opposes spam, as it muddies the "effectiveness of legitimate commercial e-mail," said Cohen. "We support all kinds of legal action against spammers." The group regularly communicates to members to keep them informed about privacy laws, he added. "Our advice is generally to take the most restrictive (path) when there's a lack of clarity," he said. The latest briefing to members, released this week, relates to the need for marketers to get up to speed in e-mail authentication technology trends so that they can continue to send marketing e-mails.

Cohen said federal laws seem to be the most effective at regulating online companies. "Everything regulating the Internet we think should be at a federal level," he said. "E-commerce has a lot of promise," he said, and it's important to "allow businesses to operate in a manner that they can remain viable or even prosper."

The association maintains its own do-not-call, do-not-e-mail and do-not-mail lists.

Peter P. Swire, a law professor at Ohio State University in Columbus, Ohio, who served as U.S. chief counselor for privacy from 1999-2001 under the Clinton Administration, said, "The rise of the Internet made privacy a concern. The rise of e-commerce made privacy a bigger concern."

Swire said lenders, as participants in mortgage transactions, "had incentives for a long time to share customer information."

With the spread of e-commerce, it can be difficult for consumers to track the sharing of personal information between companies, Swire said. "For customers, it's hard to know where the data is going. Consumers' biggest concern is that the data will be sent to unknown third-parties," he said.

He noted that there haven't been a lot of enforcement actions relating to privacy violations under the Gramm-Leach-Bliley Act, "Perhaps because the major players are basically complying." The penalties for violations have the potential to "get very serious, very quickly," and can include severe fines and even cease-and-desist orders, he said.

Those companies that choose to ignore privacy laws could face consumer and regulator wrath if they are caught, he said. "If real estate companies surprise their customers in how they use data, they run a political risk and public-relations risk. It might seem worth it to grab data and use it in a very aggressive way, but Gramm-Leach-BlileyÉand other laws show that Congress will react if the industry violates customers' expectations."

Article © Anywhere Communications All Rights Reserved