Is the private data you hold about your tenants secure?

The new Notifiable Data Breaches (NDB) scheme has already taken effect across Australia. Sharon Fox-Slater shares what investors need to know in order to keep the data of their tenants safe.

sharon fox slater

The NDB requires all organisations covered by the Privacy Act 1988, and those who operate a residential tenancy database, to alert the Australian Information Officer of any data breach and to notify individuals likely to be at risk of serious harm.

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure, for example when:

  • A device containing customers’ personal information is lost or stolen;
  • A database containing personal information is hacked; or
  • Personal information is mistakenly provided to the wrong person.

While private landlords are unlikely to be subject to the requirements, the new legislation is making data security top of mind.

Whether you manage one investment property or a whole portfolio, the reality is that you or your property manager will be caretaking quite a lot of private information about your tenants, such as:

  • Names
  • Dates of birth
  • Email addresses
  • Postal addresses
  • Previous rental addresses
  • Driver’s licence/passport details or other ID
  • Employment details
  • Financial/bank account details; and (possibly)
  • Credit records

The fact is, personal information is big business, and criminals are always keen to get their hands on that information so they can make money or mischief. Identity theft is on the rise, as is financial fraud – and you may hold just the sort of confidential, personally identifiable information that the criminals need in order to perpetuate crimes.

Although you won’t be handed down fines and punishments that other businesses face for data breaches, exposing personal information of your tenants can expose you to big losses – financial, legal and reputation. These could have dire implications for your financial future.

So how can you help safeguard your tenant’s personal data? Here are a few tips:

  • Only collect the personal information from tenants that you actually need (and be careful about how you dispose of that information afterwards)
  • Store information on secure devices with security software such as a firewall, anti-spyware and anti-virus enabled, and keep the software up-to-date (keep any hard copies safe too as it isn’t only cyber criminals who steal personal information)
  • Encrypt all data on your devices (PC, laptop, tablet, smart phone), ensure any backed-up data (such as on USBs) is also kept safe, and be careful about what you upload in the cloud
  • Make sure your network is secure, including your Wi-Fi connection, and be vigilant about using any device in public areas
  • Use strong passwords on all your devices and never forget to lock them – info can be stolen in an instant without the device ever leaving your side
  • Understand what the cyber risks are – scams, spam, phishing, malware, ransomware – and how to spot them
  • Never share any personal information of your tenants with third parties, including those who may contact you for tenant reference checks (except under contract such as with a PM or if you are legally bound to do so such as by a court order)

It is also a good idea to talk your insurance broker about Cyber Liability cover. Check that your existing policies will protect you from cyber incidents or let them help you find a dedicated policy that’s right for you.

You need to be a member to post comments. Become a member for free today!

Comments powered by CComment

Related articles