2 minute read
Privacy and real estate — how is the Privacy Act 2020 relevant to agents?
The new Privacy Act 2020 came into force at the end of December 2020. It brought changes that mean privacy needs to be taken into greater consideration by businesses and organisations that collect, store, use and disclose personal information about individuals. Privacy is essential when business activities involve handling personal information.
Real estate work involves dealing with a large volume of personal information, and it is vital that agents and agencies know, and comply with, their privacy obligations.
Advertisement
To consider whether something is personal information, you will need to ask: is there a reasonable chance that someone can be personally identified with this information?
In real estate, this is likely to include information such as full legal names, email and telephone details, residential addresses, door and alarm access codes, financial information, family information (for example, sickness or death of a family member as the basis for a sale), and sale history records.
So, what are some fundamental ways to protect privacy when performing your day-to-day role?
Make it clear what information is collected and why
If using a sign-up sheet at open homes, you must include a privacy statement on the form outlining the purpose of collecting the information, who will see and have access to it, and the individual’s right to access and correct the information they provide. 'Access' to the information includes all the people at the open home using the same form. People must be given the option to opt-out from giving information and being contacted, which may be as a tick box the physical form.
Store information safely and securely
You must store personal information responsibly and ensure that unauthorised people cannot view or access that information. Prevent unwanted access by using separate forms for prospective purchasers at open homes, securing information in locked files or password protected folders, and re-checking email addresses to ensure any personal information goes to the correct recipient.
Only use personal information for the purposes it was collected
You will naturally be handling large amounts of personal information relating to offers, finance, and Sale and Purchase Agreements. You must ensure that every piece of information is used solely for the purpose for which it is collected. You must only disclose personal information when it is in line with the purpose for which it was collected, or otherwise with the individual’s consent (except in very limited circumstances such as an emergency).
Retention and secure destruction
Once you no longer need the personal information you have collected, you should dispose of it securely, whether it is a digital or physical format. You should not retain information longer than for the purpose for which it was required.
Access and correction
People have the right to request access to and correction of any personal information held about them. Generally, an organisation must provide access to the personal information it holds about someone if they ask to see it and correct it as requested — unless there is good reason to refuse an access and/or correction request.
Generally, your day-to-day handling of personal information will be secure if you get the privacy basics right. This includes setting strong passwords which are changed regularly to secure information, verifying who you are sending personal information to, and ensuring physical documents are locked away from unauthorised access. If in doubt, talk with your agency’s Privacy Officer.
Louisa Joblin
Associate Commercial Lawyer, Rainey Collins
