Cybersecurity breaches call for rental data collection overhaul

Now is the time for governments to review tenancy laws to better protect tenants.

Recent data breaches have highlighted concerns about just how secure our personal information is in the hands of companies. But there’s one sector where a large-scale cybersecurity breach would be devastating – real estate.

A data breach in the rental sector is a growing concern for renters, who regularly hand over large amounts of personal information when applying for rental housing. Transparency over how this information is used, shared and secured is often unclear.

Dr Chris Martin, Senior Research Fellow from the UNSW City Futures Research Centre, says the ability of real estate agents and landlords to collect vast amounts of sensitive information is a significant concern. The tenancy law expert says now is the time for governments to regulate data collection in the rental sector.

“They’re collecting a lot more personal information, with arguably not a whole lot of purpose behind it,” Dr Martin says. “It’s a big risk if all of that information falls into the wrong hands.”

Multiple identification documents, bank statements, utility bills, employment details and rental history are standard asks – more than enough to falsify an identity. But social media accounts, pet profiles and self-funded background checks are also becoming more common.

“The sorts of questions being asked in tenancy applications are getting more intense,” Dr Martin says. “Applicants might not want to hand over that level of information because of privacy concerns, but they’re in a position where they have little choice.”

Limitations of existing tenancy and privacy laws

Dr Martin says the issue stems from a lack of regulation over the amount and type of information property managers can ask from tenants.

Tenancy laws in most states and territories place few restrictions on what agents can collect. Only recent amendments to the Victorian Residential Tenancies Act restrict landlords and agents from asking tenants about previous disputes with renter providers, bond history, bank statements with daily transactions or information about protected attributes under discrimination law.

“It’s not just a matter of protecting tenants’ data from hackers. It’s an issue for housing access,” Dr Martin says. “Questions about source of income, social security recipient status and whether you’ve applied for social housing can be used to deny you a tenancy, and it’s not unlawful and not regulated in any jurisdiction.”

Individual landlords and some smaller agents aren’t covered by the Australian Privacy Principles. Those who are covered can collect information that is “reasonably necessary” for their functions or activities, which Dr Martin says leaves a lot of room for interpretation.

“If it’s argued their function is to assess the best candidate for tenancy, then there could be quite a broad scope to argue they can legally collect substantial personal information to do that.”

Regulating the tenancy application process

The Real Estate Institute has signalled concern about the amount of data being collected and supported better guidelines on what should be collected by agents. But Dr Martin says fear of reputational damage alone is not enough to ensure privacy concerns are addressed.

“We should be doing more in our residential tenancy legislation to regulate the tenancy application process and the information collected by agents, landlords and third-party intermediaries,” Dr Martin says.

One solution would be to review the tenancy application process and develop a standard application with prescribed questions.

“We could have a standard form for tenancy application that asks a reasonable number of relevant questions, and not the unreasonable, intrusive and risky questions landlords and agents may be asking now,” Dr Martins says.

Dr Martin says there’s a strong case for some modest regulation of landlords too, through registration and licencing requirements. The proposal would see landlords complete basic training to understand their responsibilities and obligations to tenants.

“We have registries in other parts of our rental housing system, like the boarding house and residential parks sectors, so it’s not without precedent,” Dr Martin says. “Other countries also have registration requirements for landlords, like some parts of the UK, which have some requirements around the education of landlords.

“It would give necessary information for policymakers about who is entering the sector and give tenants some reassurance there’s some visibility of their landlord’s history and conduct – good and bad.”

Dr Martin says that such reforms would help reduce the power imbalance between landlords and tenants.

“In tight markets, as we’re seeing in Australia now, landlords and agents feel they can ask for more and more,” Dr Martin says.

“The fact it always happens that way – that it’s landlords and agents extracting more and more from tenants – shows how asymmetric the relationship is and why we need stronger residential tenancy laws.”

ENDS

Media contacts:

Ben Knight
UNSW Media & Content
(02) 9065 4915
b.knight@unsw.edu.au

New Media Releases

Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care

As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks (NASDAQ: PANW) announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organisations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust by continuously verifying every user and device.

Data#3 CFO appointment

Australian business technology solutions leader Data#3 Limited (ASX: DTL) today announces the appointment of Cherie O’Riordan as its new Chief Financial Officer (CFO), commencing on 30 January 2023.

Recent Podcast Episodes

The Production Team

The KBI Production Team write and hunt down the information security professionals need to know. They present news updates and thought-piece articles designed to provide educational content and insights for the industry. You can reach out with any ideas or requests for subject coverage to production@kbi.media with your message.

Share This