Some MLS Printouts Don’t Go in the Trash

Most brokers and agents already understand that the “file” often contains very sensitive personal and financial data. In fact, the copy of a client’s check (including ABA and routing number) and other financial and identification information found in the file are so sensitive that if a file is improperly accessed, discarded, lost, or stolen rather than properly stored securely and shredded when allowed by state real estate regulations, most state laws require the clients be notified of a security breach – and the outcome can be very embarrassing or possibly even business-ending for a brokerage.

But real estate professionals handle other sensitive information every day – and some may not understand how sensitive it is and the special care required. Specifically, there are some MLS listing reports – often referred to as “agent” reports – that contain information such as agent remarks, commission, and other information – all of which is highly confidential. Sometimes there are showing instructions that no one wants to fall into the wrong hands – “Child home alone between 3 and 5, don’t show”, “Guard dog is really a pussycat”, “Owner on vacation until May – show at will”. Sometimes there is other sensitive information in the report – even descriptions of certain valuables and alarm codes, even though it is generally discouraged to put that kind of information in the MLS.

What does this mean to you? If you handle these kinds of reports, you need to keep them confidential – be careful not to forward them to via email, do not provide those reports to clients, and erase them from your computer when done using them. Also, when you’re done with a printout you should use a cross-cut shredder to destroy it rather than putting it right in the trash or recycle bin. You don’t have to read every report and decide if it has sensitive information on it – just make it a habit to use that shredder.

For more information on what constitutes personal information, data retention laws and practices, breach notification laws and other facts you need to know about information security on a state by state basis, you can download NAR’s “Data Security and Privacy Toolkit” from (requires login) – or visit the Real Estate Information Security Center: for that toolkit and many other useful articles.

About the author: Matt Cohen is Clareity Consulting’s Chief Technologist and leads its security assessment practice. Matt has spoken at many conferences, workshops, and leadership retreats around the country on security-related topics, and is a well-regarded real estate industry expert on real estate technology and information security. Clareity Consulting ( was founded in 1996 to provide management and information technology consulting to the real estate industry.