Rental Assessment Privacy: How much is too much information to ask for 

O*NO! With vacancies scarce and demand sky-high, your mission as an agent is to find renters who are reliable, easy to deal with, and best suited to protect your clients investment. However, in your quest to find the ideal match, you need to tread carefully to ensure you’re not overstepping boundaries and compromising tenant privacy.  

As the rental market becomes increasingly competitive, there's a growing trend among real estate agents to ramp up their vetting procedures. While the intention may be to mitigate risk, this practice can inadvertently expose tenants to potential data breaches and privacy infringements. This blog is all about exploring new vetting practices in the industry, the privacy risks to your agency and reputation, and how to avoid this.

Privacy Recap: Personal Information and the Law

What is personal information: Personal information refers to any information that can be used to identify an individual (eg. name, address, email etc.) Even things that don't seem important on their own can become personal information when they're combined with other details, like a first name and a place of work

Do I have to follow Privacy Laws: Privacy in Australia is governed by the Privacy Act 1988.

This Act applies to certain businesses based on their annual turnover. Businesses with an annual turnover exceeding $3 million must comply with the Act, regardless of their structure. This includes sole traders, partnerships, trusts, and other unincorporated associations.

So, why should I care if I don’t meet the turnover threshold: Even if your agency doesn't meet the turnover threshold, it's recommended to comply with the Act for three reasons: to meet public and client expectations, maintain trust, and align with privacy standards. This also includes encouraging individual agents to uphold safe privacy practices because they’re putting their professional careers and your agency at risk.

What are APPs: Under the Privacy Act, there are also 13 Australian Privacy Principles, or APPs. These principles are standards for how to legally, and safely, collect, store, use, or otherwise deal with personal information.

Personal Information Collection: How much is too much?

In the typical rental application process, many of us are accustomed to providing basic documentation such as proof of income, reference letters, and rental history. However, this pursuit of the ideal renter has inadvertently led to a concerning trend of overreaching in the collection of personal information during the application process. This is made worse by the absence of clear legislative guidance, which only offers protection against discrimination based on disability or background.

The current landscape reflects a shift towards more intrusive data collection practices, with requests extending to detailed work and rental histories, bank statements, proof of savings and spending, self-funded background checks, and even social media profiles and pet resumes, and yes this is exactly what is sounds like and includes disclosing facts like their age, breed, medical history. This expansive list of demands not only raises eyebrows among tenants but also raises significant concerns about the security and privacy of the data being collected.

While the intention may be to mitigate risk and safeguard the interests of owners, the unintended consequence is a potential breach of tenant privacy.

The Dangers of Overreaching for Personal Info

We're all familiar with data breaches, which occur when personal information is accessed, disclosed, or lost without authorisation. These breaches can happen accidentally or maliciously, involving internal parties such as employees or external parties like hackers.

The looming threat of a data breach hangs over the real estate industry like a dark cloud – if it can happen to majors players like Optus, then anyone’s business is vulnerable. As real estate agents amass increasing volumes of sensitive information on rental applicants, they inadvertently become prime targets for cyberattacks.

Experiencing a data breach is a pricey and time-consuming ordeal that could seriously threaten your agency. On average, a single breach can set a company back around $3.35 million in Australia. This financial hit includes hefty fines of up to $50 million, legal costs from potential lawsuits, and fees for hiring experts to handle and mitigate the breach. Plus, data breaches can tarnish your reputation, potentially driving away customers and deterring new ones.

Moreover, the real estate industry's reputation regarding privacy practices is already on shaky ground. According to the Deloitte Privacy Index 23, the industry ranks fourth in terms of privacy practices, trailing behind government entities. This lack of consumer trust is further exacerbated by negative perceptions of the industry's ability to protect online information.

The more personal information you collect, the more you'll have to invest in keeping it safe, even if you end up not using it for anything substantial. Remember, each piece of information holds importance to the individual it belongs to. Not only does this mean beefing up security measures to protect their privacy, but it also makes your agency an appealing target for cyberattacks. Despite having the ability to ask for a wealth of information from potential tenants, going overboard with requests may not be worth it in the end. It's all about finding the right balance between gathering enough data to assess suitability and respecting people's privacy. After all, maintaining trust with your clients and the public is key.

 

How to avoid privacy risks with your tenancy assessments

  •  Limit Information Collection: Agents should only request information that is directly relevant to assessing a tenant's suitability for the property. Avoid asking for unnecessary details that may compromise tenant privacy.

  • Transparency: Be transparent with rental applicants about the purpose of collecting certain information and how it will be used. Provide clear explanations for why specific details are needed and reassure applicants about the security measures in place to protect their data.

  • Education: Ensure that all staff members involved in the rental application process are trained on privacy best practices. Emphasise the importance of respecting tenant privacy and adhering to data protection protocols.

  • Secure Data Handling: Implement robust cybersecurity measures to safeguard the sensitive information collected from rental applicants. This includes encryption, firewalls, regular security audits, and secure storage systems to prevent unauthorised access or data breaches.

  • Regular Review: Periodically review your data collection practices to identify any areas where improvements can be made to enhance privacy protection. Get feedback from rental applicants to see their comfort level with the information requested and adjust accordingly.

 

Key Takeaways

  • It's essential to find reliable tenants who can protect your clients' investments. However, be cautious not to overstep boundaries and compromise tenant privacy while ramping up vetting procedures.

  • Regardless of meeting the turnover threshold, it's crucial to comply with privacy laws, including the Privacy Act 1988 and the Australian Privacy Principles (APPs). This ensures meeting public and client expectations, maintaining trust, and aligning with privacy standards.

  • The trend of intrusive data collection practices raises concerns about security and privacy. While the intention may be to mitigate risk, it could lead to potential data breaches and compromise tenant privacy, impacting agency reputation and trust.

  • To avoid privacy risks, limit information collection to what's necessary, maintain transparency with rental applicants, educate staff on privacy best practices, secure data handling with robust cybersecurity measures, and regularly review and adjust data collection practices based on feedback from rental applicants.

Your Next Steps

Need help ensuring your agency’s privacy practices and rental assessment processes are legally compliant and protecting you? Get in touch with the experts at O*NO Legal to see how we can solidify your privacy framework.

Boring legal stuff: This article is general information only and cannot be regarded as legal, financial or accounting advice as it does not take into account your personal circumstances. For tailored advice, please contact us. PS - congratulations if you have read this far, you must love legal disclaimers or are a sucker for punishment.

Previous
Previous

What Happens if a sole tenant dies? Your Legal obligations on unexpected tenant deaths

Next
Next

The risks of blind/price searches: Are you accidentally underquoting on online platforms?