In a market where there is chronic shortage of rental properties, data security has become an issue for renters, who say they have no choice when asked to provide extensive personal information. Recent data breaches have raised concerns about the over collection of data by real estate agents.

You can watch the drama unfold, though this series of articles, and yes, the inevitable happens.

• RentTech platforms making renting that much harder
• ‘Data breach waiting to happen’: Warning for real estate agents and renters on personal info requests
• Real estate agents keep as much privacy data as Optus – Should you be concerned?
• A real estate agent data breach would be devastating for renters. They collect too much personal information
• Rental applicants across the country pressured to pay for their own background checks
• Real estate firm breached, signatures and IDs stolen
• Tenants’ rights: What are your options when landlords raise your rent?
• Advocates had warned of the dangers of a real estate data breach. It just happened
• Real estate agency LJ Hooker hit with data breach

RentTech platforms making renting that much harder

In a national CHOICE survey, 41% of people who rent said they were pressured to use a RentTech platform such as Ignite, 2Apply, Snug, tApp and others.

RentTech platforms demand excessive personal data from prospective tenants who are given little choice but to provide it

Read more of the Report here.

Australian consumer group CHOICE is calling on the Federal Government to urgently commit to privacy reforms to protect renters from the risks created by rental technologies, among other recommendation. You too can make your voice heard. 

Sign the petition for stronger privacy protections

‘Data breach waiting to happen’: Warning for real estate agents and renters on personal info requests

Years of work and rental history, bank statements, self-funded background checks, social media profiles and pet resumes are just some details that prospective renters have to provide to secure a property.

Experts have raised concerns about the potential risk of an Optus-style data breach waiting to happen in the real estate industry as it amasses more and more sensitive information on rental applicants.

Real estate agents keep as much privacy data as Optus – Should you be concerned?

Last week’s Optus data breach shocked the nation, but real estate industry collects just as much if not more of your privacy data.

When you’re desperate for your next rental unit or your dream home, you are also unlikely to have a level playing field in saying no even questioning how much detail you should give up.

Samanthan Floreani from Digital Rights Watch warns it is well worth your effort to stop and think again before providing everything willy-nilly.

Read more: ABC News, October 4, 2022

A real estate agent data breach would be devastating for renters. They collect too much personal information

Thanks to Optus, millions of people are now acutely aware of what can happen when companies don’t take privacy and security seriously. But telcos aren’t alone in collecting and storing too much of our personal information. The real estate industry is often overlooked in conversations about data security, but it is one of the most invasive, with potentially devastating consequences for renters across the country…

Many small real estate agents aren’t covered by the Privacy Act, and those that are appear to be seriously massaging the law around data collection and handling that is “reasonably necessary”.

Each state also has its own tenancy law, which may place some limitations on what agents are allowed to collect. For example, in Victoria, real estate agents are not allowed to require any information that relates to a protected attribute without telling you why in writing. This includes age, gender, race, disability, sexual orientation, profession, religious belief and marital or parental status. They’re also not allowed to ask for bank statements that contain daily transactions.

And yet, real estate agents continue to regularly ask for this information.

The trouble is, it’s not just about what is legal – it’s also a question of power. As long as agents have the ability to make you homeless, renters will do what they ask, and regulations mean very little if they are poorly enforced.

Read more: The Guardian, October 4 , 2022

Rental applicants across the country pressured to pay for their own background checks

When Louise Camona was told her rent would be rising by $120 a week, she knew she, her husband and their four kids were going to have to find somewhere else to live.

“Paying that amount is going to break us in the end,” she said.

When Ms Camona found a property she liked, the online application form urged her to pay for her own background check to help her application “stand out from the pack”.

Real estate firm breached, signatures and IDs stolen

Privacy advocates are calling for an overhaul of the way renters’ personal information is stored after real estate firm Harcourts Melbourne City revealed that a recent cyber-attack may have compromised identity documents and other details of its clients and their tenants…

Harcourts has blamed the breach on the compromise of an account of an employee of real estate service provider StaffLink, which provides property and task management software to help real estate agents run more efficiently.

Based on the company’s description of events, an employee account was compromised after an employee used a personal device for work purposes, rather than using their more secure company-issued device – allowing a cyber criminal access to Harcourts personal data.

Read more: Information Age, November 3, 2022

Advocates had warned of the dangers of a real estate data breach. It just happened.

Australian real estate agency Harcourts has revealed it was affected by a cyber-attack last month, with the personal information of tenants, landlords, and tradespeople potentially exposed.

In an email sent to customers of the Melbourne City franchisee of Harcourts, the company said it became aware on 24 October that an “unknown third party” had accessed its rental property database.

Harcourts said on Thursday that the breach occurred when the account of a representative at service provider Stafflink, which gives the franchisee administrative support, was allegedly compromised and accessed by that unknown third party.

Read more: SBS News, 3 November, 2022

‘The wild west”: New headache for home-hunters in a tough market

Renter Nick Duncan spent three weeks looking for a rental with his partner in Sydney, and he was struck by how much information he needed to hand over in the hopes of securing a lease.

“The market is so hot … We felt like if we wanted to get a place we had to abide by all the rules and provide everything that was asked,” Duncan said…

UNSW Institute for Cyber Security director Nigel Phair said renters were ultimately powerless, which was unusual compared to other circumstances where consumers could choose to opt out.

“The renter has no power in the relationship,” Phair said. “When we have data privacy laws they should have a degree of power. They should be able to opt out.”

Phair thought the third-party rental databases were ripe for data harvesting.

“There is no rule governing, outside of the notifiable breach scheme, that a real estate agent should only collect XYZ.

“It’s a really unregulated market. It’s the wild west. It’s terrible. It’s stressful.”

Beyond verifying 100 points of identity, it was unnecessary for the industry to be asking for any more information, Phair said.

Read more: The Sydney Morning Herald, 15 December, 2022 (paywall)