Effective Date: July 2025

1. Purpose and Scope

Confidentiality is a cornerstone of our business at Vector Property Group (“Vector”). This policy outlines the mandatory procedures all affiliated licensees and personnel must follow to protect the sensitive information of our clients, customers, and the brokerage. This policy covers all data obtained during transactions, marketing activities, or any other business communications. Adherence to this policy is a condition of affiliation with Vector.

2. Definition of Confidential Information

Confidential Information includes, but is not limited to, any non-public personal, financial, or transactional data. Examples include:

  • Names, addresses, and contact details
  • Social Security numbers and driver’s license numbers
  • Financial details (bank statements, proof of funds, pre-approval letters, credit reports)
  • Offer amounts, terms, and negotiating positions
  • Copies of contracts, disclosures, and closing documents
  • Client motivations, timelines, or personal circumstances

3. Core Principles of Confidentiality

  • All Confidential Information must be treated with the utmost care and must not be disclosed to any unauthorized party.
  • Discussing client matters in public spaces or where the conversation can be overheard is strictly prohibited.
  • Information gained while affiliated with Vector shall not be used to the detriment of Vector, its licensees, employees, clients, or customers.
  • Office files related to listings and pending sales are accessible only to authorized staff and the licensees directly involved in the transaction.

4. Data Security Requirements

Licensees are personally responsible for safeguarding client data in compliance with all federal and state laws, including the Florida Information Protection Act (Fla. Stat. ยง 501.171).

4.1. Digital Data: Transmission and Storage

  • Encrypted Transmission: Sensitive client data must NEVER be sent via unencrypted email or standard text message (SMS). All transmission of Confidential Information must occur through secure, encrypted methods, such as:
    • Encrypted email services (e.g., ProtonMail, or Microsoft Outlook with encryption enabled).
    • Secure transaction management platforms (e.g., DocuSign, Dotloop).
    • Secure, access-controlled cloud storage links (e.g., Dropbox, Google Workspace) with two-factor authentication (2FA) enabled.
  • Secure Storage: Client data must be stored on password-protected devices (computers, phones, tablets) and within secure, brokerage-approved cloud services (e.g., Google Workspace, OneDrive). Multi-factor authentication (MFA) must be enabled on all accounts used for storing client data.

4.2. Physical Document Security

  • All physical files containing Confidential Information must be stored in locked file cabinets or offices accessible only to authorized personnel.
  • Transactional documents intended for a specific individual must be delivered in a sealed envelope.
  • No files may be removed from Vector’s premises without express permission from brokerage management.

4.3. Device Security and Wi-Fi Usage

  • All devices used to access client data must have up-to-date antivirus and anti-malware software installed.
  • Accessing or transmitting Confidential Information over public or unsecured Wi-Fi networks (e.g., at coffee shops, airports) is strictly prohibited.
  • Any lost or stolen device (laptop, phone) must be reported to brokerage management immediately.

5. Data Breach Reporting Protocol

A Data Breach is any incident of unauthorized access to or loss of sensitive data. If you suspect a data breach has occurred, you must follow these steps:

  1. Immediately Report: Notify the brokerage by emailing Legal@VectorPropGroup.com within 24 hours of discovering the incident.
  2. Provide Details: Include a summary of the event, the type of data involved, and any immediate steps you have taken.
  1. Cooperate Fully: Cooperate with the brokerage’s investigation, which will include notifying affected parties as required by law.

6. Third-Party Vendor Management

Any third-party vendor or software (e.g., CRM, marketing tools) used by a licensee that will handle client data must comply with this security policy. Upon request, licensees must provide Vector with the security and privacy agreements for any such vendor.

7. Data Retention and Disposal

Client data shall be retained only as long as necessary for business purposes or as required by Florida law. Once data is no longer needed, it must be disposed of securely:

  • Physical Documents: Must be shredded using a cross-cut shredder.
  • Digital Files: Must be permanently deleted using data-wiping software or secure deletion methods.

8. Compliance and Enforcement

Vector reserves the right to conduct annual audits of licensee data security practices. Non-compliance with this policy may result in disciplinary action, up to and including:

  • Termination of affiliation with Vector Property Group.
  • Personal liability for any damages or losses incurred.
  • Reporting to relevant regulatory bodies, such as the Florida Department of Business and Professional Regulation (DBPR).

Vector will provide annual training to support these requirements. This policy is also intended to support compliance with the General Data Protection Regulation (GDPR) in the limited circumstances where we may handle data for clients located in the European Union.