Real estate agents under the microscope in Australian-first privacy ‘compliance sweep’

Click any word to translate

Real estate agencies who ask for phone numbers at open houses, car dealerships that keep driver licences on file, and pubs and bars that scan IDs for entry will be targeted by the privacy regulator in its first “compliance sweep” of dozens of businesses.

The crackdown by the Office of the Australian Information Commissioner could see businesses fined up to $66,000 if their privacy policies fail to meet legal standards.

The commissioner, Elizabeth Tydd, said there was often a “power asymmetry” when a company confronted customers with in-person requests for personal information, which people feel unable to refuse.

The agency’s privacy commissioner, Carly Kind, said such situations can make customers vulnerable to overcollection of personal information and creates risks to their security and privacy.

Some companies then put customers at risk by holding their personal information for much longer than was necessary.

_{Sign up: AU Breaking News email}

“When that happens, it creates additional privacy risks; for example, cybersecurity risks where personal information can be harvested,” Tydd told ABC News on Friday.

Companies targeted by the sweep will have to demonstrate their policies clearly detail how and why they store customer data, including how long it is stored and if it is sent overseas.

The OAIC will inspect 60 businesses across six high-risk sectors throughout January, where customers are asked for personal details during short, urgent transactions, Tydd said.

They will include:

Rental and property inspections.
Chemists and pharmacists who collect information for paperless receipts and medication provision.
Licensed venues that collect ID’s for entry.
Pawnshops and secondhand dealers, and
Car rental companies and car dealerships that collect personal data for rentals or test drives.

James Voortman, chief executive of the Australian Automotive Dealer Association, said cybercriminals had targeted dealerships in pursuit of their customer data, resulting in numerous data breaches in recent years.

“Customers can take comfort in the fact that new car dealerships have spent a great deal of time, money and effort to effectively protect the data,” Voortman said.

Real estate agencies have been criticised for unnecessary collection and storage of personal information, with some agents requesting tenants share 12 months’ worth of bank statements, personal social media profiles and details about their tattoos.

Franchises of real estate agents Harcourts and LJ Hooker were hit by data breaches in 2022 but the industry has previously pushed back against tighter rules on data protection.

The New South Wales government in July moved to limit data gathering after estimating real estate agencies collected about 187,000 pieces of identification information each week.

Stacey Holt, risk adviser and chief executive of Real Estate Excellence, said agencies were more likely to accept applications when prospective tenants allowed them to collect and store more data.

“Most people, because they’re desperate for a home, are doing all the things they can do to make them look good,” Holt said.

Real estate agencies kept tenant details and identification on file to meet landlords’ insurance obligations and to serve clients effectively, Holt said. Open home attenders’ details may be kept to contact potential homebuyers for marketing, or less often in case of theft.

Holt said most businesses she worked with would delete data when it was no longer necessary. Breaches were more likely to be observed among agencies reusing generic privacy policies borrowed from other websites or by franchisees from brands, she said.

Larger businesses with more customers would be targeted but the review could also check on small franchisees of big national brands in sectors such as real estate, an OAIC spokesperson said.

Some targeted businesses could be caught unawares when they resumed trading after a holiday shutdown, Holt said, since the sweep was announced during the busy mid-December period.

The commissioner on Friday said businesses would likely have strengthened their privacy policies in anticipation of the crackdown.

Loading...

Please wait for a bit

Real estate agents under the microscope in Australian-first privacy ‘compliance sweep’

Click any word to translate

Original article by Luca Ittimani

The crackdown by the Office of the Australian Information Commissioner could see businesses fined up to $66,000 if their privacy policies fail to meet legal standards.

The agency’s privacy commissioner, Carly Kind, said such situations can make customers vulnerable to overcollection of personal information and creates risks to their security and privacy.

Some companies then put customers at risk by holding their personal information for much longer than was necessary.

_{Sign up: AU Breaking News email}

“When that happens, it creates additional privacy risks; for example, cybersecurity risks where personal information can be harvested,” Tydd told ABC News on Friday.

Companies targeted by the sweep will have to demonstrate their policies clearly detail how and why they store customer data, including how long it is stored and if it is sent overseas.

The OAIC will inspect 60 businesses across six high-risk sectors throughout January, where customers are asked for personal details during short, urgent transactions, Tydd said.

They will include:

Rental and property inspections.
Chemists and pharmacists who collect information for paperless receipts and medication provision.
Licensed venues that collect ID’s for entry.
Pawnshops and secondhand dealers, and
Car rental companies and car dealerships that collect personal data for rentals or test drives.

Franchises of real estate agents Harcourts and LJ Hooker were hit by data breaches in 2022 but the industry has previously pushed back against tighter rules on data protection.

The New South Wales government in July moved to limit data gathering after estimating real estate agencies collected about 187,000 pieces of identification information each week.

Stacey Holt, risk adviser and chief executive of Real Estate Excellence, said agencies were more likely to accept applications when prospective tenants allowed them to collect and store more data.

“Most people, because they’re desperate for a home, are doing all the things they can do to make them look good,” Holt said.

Larger businesses with more customers would be targeted but the review could also check on small franchisees of big national brands in sectors such as real estate, an OAIC spokesperson said.

Some targeted businesses could be caught unawares when they resumed trading after a holiday shutdown, Holt said, since the sweep was announced during the busy mid-December period.

The commissioner on Friday said businesses would likely have strengthened their privacy policies in anticipation of the crackdown.