Cybersecurity Risk Management, Strategy and Governance
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. CYBERSECURITY

Information Technology and Cybersecurity

The Company depends on the proper functioning, availability, and security of its information systems, including financial, data processing, communications, and operating systems, as well as proprietary software programs that are important to the efficient operation of the business. The Company also utilizes software applications provided by third parties, grants limited access to the Company’s systems to third parties providing specific outsourced functions or other services, and increasingly stores and transmits data using connected information technology or “cloud” systems. Any significant failures or disruptions of the Company’s critical information systems, including ransomware attacks or other cyber incidents, that impact the availability or other proper functioning of these systems or that result in the compromise of sensitive or confidential information, including information of tenants, employees, and others (including joint venture partners and Curbline Properties), could result in liability for the Company to third parties and have a significant impact on the Company’s operations and reputation.

The Company’s internal audit team annually assesses and reviews the risks posed to the security of the Company’s networks, including a review of system and process assurance for information technology and application controls, and takes into account certain frameworks and policies. The Company’s internal audit team also reviews the Company’s fraud assessment and confirms IT management’s oversight of its cybersecurity policies. This oversight has been integrated into the Company’s enterprise risk management system. For example, the Company’s management team reviews the findings, if any, of the internal audit team’s assessments, analyzes the identified risks, and takes action based on the Company’s overall risk profile. In order to assess the risks posed to the Company’s information systems by third-party service providers and vendors, the information technology department, coordinating with the Company’s internal audit services team, evaluates new software and network application vendors’ contracts, internal policies, certifications, and System and Organization Controls (“SOC”) reports during the procurement of solutions and services.

To mitigate the risk and impact of any cybersecurity incidents on the security and availability of the Company’s networks, the Company’s information technology systems are protected through physical and software safeguards and backup procedures the Company considers appropriate. The Company contracts with independent cybersecurity providers for security event incident management, end-point detection and incident response monitoring, and security incident response services. Additionally, the Company has deployed a layered approach to network intrusion detection and protection using technology provided by industry-leading companies. The information technology department also performs timely system and security updates to maintain current software versions and apply appropriate security updates to reduce the Company’s risk.

The Company has also implemented various safeguards designed to ensure the confidentiality, availability and the integrity of its network and data, including redundant telecommunication facilities, replicating critical data and backups to multiple off-site locations, a fire suppression system to protect the Company’s on-site data center, and electrical power protection and generation facilities. The Company also has a catastrophic disaster recovery plan and alternate processing capability available for its critical data processes in case of a catastrophe that renders the primary data center unusable.

The Company conducts annual cybersecurity awareness training for all employees, new-hire cybersecurity training, monthly simulated phishing tests, and additional training for specific departmental requirements as part of the Company’s risk mitigation efforts. The Company also maintains cybersecurity insurance; however, there is no assurance that the insurance the Company maintains will cover all cybersecurity breaches or that policy limits will be sufficient to cover all related losses.

Under the leadership of the Company’s Chief Technology Officer, the Company’s information technology department is primarily responsible for assessing and managing material risks to the Company’s information systems, including from cybersecurity threats. The Company’s Chief Technology Officer has over 30 years’ experience working in information technology and managing information technology systems and holds several specialized security certifications, including the Certified Information Security Manager certification from the Information Systems Audit and Control Association. In addition, certain members of the Company’s information technology department have obtained specialized security certifications, including accreditation as Certified Information Systems Security Professionals, and have prior work experience in various roles involving technology and security. The Company has established an internal Security and Privacy Governance Committee, comprised of the Chief Technology Officer and other senior members of management that generally meets quarterly. This committee receives updates from the Company’s information technology department with respect to the implementation of various systems and security measures, the Company’s cybersecurity training and awareness program, enhancements or modifications to the security program, and the impacts of such changes to the Company’s information security risk environment. The Company has adopted a Cybersecurity Incident Response Plan, which requires communication of cybersecurity incidents to varying levels and personnel within the organization depending on the severity of the threat impact and encompasses tactics related to cybersecurity, systems and facilities availability, and information privacy.

The Board of Directors has specifically delegated oversight of the Company’s cybersecurity risks and related practices to the Audit Committee of the Board of Directors (the “Audit Committee”) through the committee’s charter. At least annually, senior members of the Company’s information technology team (including the Chief Technology Officer) and internal audit services team brief the Audit Committee on information and cyber security matters, including results from risk assessments, the Company’s policies and its internal control function. The Audit Committee reviews such information alongside other company risks as part of our overall risk assessment process.

The Company has experienced issues from cybersecurity threats, including issues related to malware, email phishing, and other events intended to disrupt information systems, wrongfully obtain valuable information, or cause other malicious events. To the best of the Company’s knowledge, these threats have not materially affected the Company, nor have they materially obstructed the availability of its information systems and data on which it relies. Although no assurances can be given, the Company does not believe that such threats are reasonably likely to materially affect the Company in the future. See Item 1A. Risk Factors under the caption “Risks Related to the Company’s Business, Properties and Strategies—A Disruption, Failure or Breach of the Company’s Networks or Systems, Including as a Result of Cyber-Attacks, Could Harm Its Business.”

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]

The Company’s internal audit team annually assesses and reviews the risks posed to the security of the Company’s networks, including a review of system and process assurance for information technology and application controls, and takes into account certain frameworks and policies. The Company’s internal audit team also reviews the Company’s fraud assessment and confirms IT management’s oversight of its cybersecurity policies. This oversight has been integrated into the Company’s enterprise risk management system. For example, the Company’s management team reviews the findings, if any, of the internal audit team’s assessments, analyzes the identified risks, and takes action based on the Company’s overall risk profile. In order to assess the risks posed to the Company’s information systems by third-party service providers and vendors, the information technology department, coordinating with the Company’s internal audit services team, evaluates new software and network application vendors’ contracts, internal policies, certifications, and System and Organization Controls (“SOC”) reports during the procurement of solutions and services.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The Board of Directors has specifically delegated oversight of the Company’s cybersecurity risks and related practices to the Audit Committee of the Board of Directors (the “Audit Committee”) through the committee’s charter. At least annually, senior members of the Company’s information technology team (including the Chief Technology Officer) and internal audit services team brief the Audit Committee on information and cyber security matters, including results from risk assessments, the Company’s policies and its internal control function. The Audit Committee reviews such information alongside other company risks as part of our overall risk assessment process.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company has established an internal Security and Privacy Governance Committee, comprised of the Chief Technology Officer and other senior members of management that generally meets quarterly. This committee receives updates from the Company’s information technology department with respect to the implementation of various systems and security measures, the Company’s cybersecurity training and awareness program, enhancements or modifications to the security program, and the impacts of such changes to the Company’s information security risk environment.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company has established an internal Security and Privacy Governance Committee, comprised of the Chief Technology Officer and other senior members of management that generally meets quarterly.
Cybersecurity Risk Role of Management [Text Block] Certain members of the Company’s information technology department have obtained specialized security certifications, including accreditation as Certified Information Systems Security Professionals, and have prior work experience in various roles involving technology and security. The Company has established an internal Security and Privacy Governance Committee, comprised of the Chief Technology Officer and other senior members of management that generally meets quarterly. This committee receives updates from the Company’s information technology department with respect to the implementation of various systems and security measures, the Company’s cybersecurity training and awareness program, enhancements or modifications to the security program, and the impacts of such changes to the Company’s information security risk environment.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company has adopted a Cybersecurity Incident Response Plan, which requires communication of cybersecurity incidents to varying levels and personnel within the organization depending on the severity of the threat impact and encompasses tactics related to cybersecurity, systems and facilities availability, and information privacy.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Company’s Chief Technology Officer has over 30 years’ experience working in information technology and managing information technology systems and holds several specialized security certifications, including the Certified Information Security Manager certification from the Information Systems Audit and Control Association.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Company has adopted a Cybersecurity Incident Response Plan, which requires communication of cybersecurity incidents to varying levels and personnel within the organization depending on the severity of the threat impact and encompasses tactics related to cybersecurity, systems and facilities availability, and information privacy.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true