Thursday, June 6, 2024

At a glance (2 minute read)

  • GVR uses advanced security practices like employee training, data encryption, dark web monitoring, multi-factor authentication, penetration testing, intrusion detection, and up-to-date firewalls, and antivirus software.
  • Your association also ensures all partners follow strict security standards through regular assessments and strict data protection protocols.
  • Looking at privacy, GVR complies with Canadian privacy laws, stores critical data on Canadian servers, and includes privacy requirements in service provider contracts.

From the MLS® to members’ personal data, Greater Vancouver REALTORS® (GVR) maintains many databases of sensitive information.

Because of the nature of these databases, GVR has a robust security infrastructure that we continuously enhance to ensure your information remains private and secure.

Keeping data secure

We understand it's essential for our members to know that we take your data security seriously.

However, any information we provide about our security measures can also inform bad actors, which can limit the usefulness of our tools. By not detailing every aspect publicly, we reduce the risk of potential attacks exploiting known defenses.

With that in mind, we can share some of the measures we have in place.

  • Robust employee training: We employ third-party experts to continuously train all our staff on the latest security best practices.
  • Encryption: We encrypt all sensitive data both in transit (when transferring) and at rest (when stored in our systems).
  • Dark web monitoring: We utilize tools to monitor the dark web for signs of compromised data, enabling us to proactively address potential threats.
  • Multi-Factor Authentication (MFA): While it may be an extra step to log in, we now require MFA for all our systems, significantly reducing the risk of unauthorized access.
  • Regular penetration testing: We conduct frequent penetration testing to identify and address potential vulnerabilities.
  • Intrusion Detection Systems (IDS): We have multiple IDS in place that monitor and respond to any suspicious activities in real-time.
  • Firewalls and antivirus software: We’ve set up robust firewalls and up-to-date antivirus software in all our business systems.
  • Partner security requirements: We enforce strict security standards for all our partners, including the providers of key systems like Paragon and SentriLock. They must undergo regular security assessments and adhere to our stringent data protection protocols, ensuring their systems are as secure as ours.

Keeping your data private

Security is just one aspect of our data strategy. We also understand privacy is important to both members and their clients.

While privacy laws don't require us to store all data on Canadian servers, our organizational policy ensures that all critical and sensitive data is managed in accordance with the most stringent guidelines and best practices.

We review each of our partners’ data storage solution to ensure compliance with Canadian privacy legislation. We also build these requirements into the contractual agreements we have with our service providers.