A real estate agent data breach would be devastating for renters. They collect too much personal information | Samantha Floreani

Thanks to Optus, millions of people are now acutely aware of what can happen when companies don’t take privacy and security seriously. But telcos aren’t alone in collecting and storing too much of our personal information. The real estate industry is often overlooked in conversations about data security, but it is one of the most invasive, with potentially devastating consequences for renters across the country.

If you’ve ever been a renter, this is probably a familiar story: you’re searching for somewhere to live, rents are high, competition is stiff, and in the process of applying you’re asked for immense amounts of information. In addition to identification documents (which we are all now very protective of), they probably ask for a background check, bank statements, and years’ worth of employment and rental history. You might feel uncomfortable about how much they ask for, but hey, what can you do? If you say no, someone else will say yes and get the house instead.

Most agents direct prospective renters to online application platforms, which only increases the risk of a data breach happening. The most popular, Ignite (formally 1Form), is part of REA Group, which is majority owned by News Corp.

And if you’re a property owner or aspiring landlord, don’t get too comfortable. When it comes to invasive data systems, renters are just the thin edge of the wedge. Invasive data-driven and automated systems are also increasingly popular for mortgage and insurance applications.

If we’ve learned anything from the Optus breach, it’s that the more data collected and stored, the worse it is when things go wrong. But this isn’t just a matter of digital security, although – yes – a real estate agent data breach would probably be devastating. It’s also about how this culture of data hoarding undermines the right to privacy and worsens the power imbalances between renters and landlords.

How do they get away with collecting so much of our information?

Many small real estate agents aren’t covered by the Privacy Act, and those that are appear to be seriously massaging the law around data collection and handling that is “reasonably necessary”.

Each state also has its own tenancy law, which may place some limitations on what agents are allowed to collect. For example, in Victoria, real estate agents are not allowed to require any information that relates to a protected attribute without telling you why in writing. This includes age, gender, race, disability, sexual orientation, profession, religious belief and marital or parental status. They’re also not allowed to ask for bank statements that contain daily transactions.

And yet, real estate agents continue to regularly ask for this information.

The trouble is, it’s not just about what is legal – it’s also a question of power. As long as agents have the ability to make you homeless, renters will do what they ask, and regulations mean very little if they are poorly enforced.

For instance, many renters fear being put on a Residential Tenancies Database (RTD or, more commonly, a ‘blacklist’). Once there, it can be extremely hard to find housing. These databases are part of the billion dollar data industry that extracts, aggregates, and sells personal information. Real estate agents buy access so that they can assess the risk of potential renters.

The largest RTD in Australia is owned by Equifax – the same Equifax that people are being urged to subscribe to as a way to mitigate the risk from the Optus data breach. The same Equifax that had its own massive data breach not so long ago. The data economy is all connected, and these often unheard of companies are able to build shockingly detailed profiles about us.

Studies of RTDs in Australia have found that “risky” renters disproportionately include low-income earners, young people, First Nations peoples, refugees, and recent migrants. In a private rental market with record high rents that has been dubbed the “epicentre” of the housing affordability crisis, the consequences of being flagged as “risky” are severe. Dhakshayini Sooriyakumaran, a scholar specialising in racialised surveillance, conducted research into these databases after being threatened to be blacklisted. They found that use of these systems perpetuates and codifies inequalities around race, gender and class.

Georga Wootton, a lawyer at Tenants Victoria, highlighted that even though there are legal restrictions about if and when people can be put on an RTD, the threat of being blacklisted is more potent than the reality. This works in the same way as invasive application processes, or being forced to use a third-party rental app – the prospect of losing access to housing is so fearsome, that most renters are left with no choice but to comply with whatever their real estate agent asks.

This creates a dangerous feedback loop: invasive data practices worsen the power imbalance between renters and agents, but that very power imbalance is what enables agents to collect and handle such vast quantities of our information with impunity.

It’s clear that there are serious gaps in the law which are permitting the real estate industry to collect, use, and store more information than they need. These data-extractive practices are no accident, it is a deliberate feature of their business model. And this issue is routinely overlooked, possibly because so many politicians are landlords.

It’s time that we treat housing as a human right not an investment, and privacy as a human right, not a luxury. The question is, do we need to wait for a massive data breach in the real estate sector before we see change?

Source link

Samantha Floreani