Did you know that Privacy Awareness Week is next week? Have you thought about how your office can participate and champion privacy with the rest of Australia?
Do you know your legal obligations when it comes to the information you collect in your real estate business?
There can be massive financial consequences if you are found to be in breach of the Privacy Act, with a possible fine of $2.1 million for each breach.
Leading real estate lawyer Kristen Porter said one of the main challenges is there hasn’t been enough education in the industry around privacy.
“There is confusion about your obligations and clients of agencies are becoming savvier about their rights with privacy,” she said.
Ms Porter, founder of the real estate law specialist O*NO Legal, regularly fields questions about the kind of information an agency can pass on to a landlord or vendor about a tenant or buyer.
As part of Privacy Awareness Week, O*NO Legal is holding a free Privacy Prepared webinar at 10am (EST) on May 5.
The session aims to ensure agencies and staff understand the privacy must-haves they need in place, how to deal with privacy complaints and how to identify a notifiable breach.
“The Privacy Act changed a couple of years ago and people need to be up to date about when they need to notify the commissioner about a data breach, or if they need to report that breach,” Ms Porter said.
“Knowing when to report and how to mitigate the breach is important. If you can show you have followed steps such as containing the breach, you might not need to notify.”
The webinar will present case studies of legal privacy issues and the lessons from them.
“It could be leaving a USB on a bus where the information is not encrypted,” Ms Porter said.
“There was a robbery at an agency where laptops were stolen. Those weren’t encrypted so that is a reportable breach.
“It is not just start-ups affected. Some of these are big agencies with their own compliance teams.
“One example I saw was with leasing details that had to be in a contract of sale because it wasn’t a vacant possession. When the property manager sent the information to the solicitor the complete tenant’s file was included with licence, passport and tax file number.
“The property manager, agent and solicitor didn’t notice and the file was sent to 50 potential purchasers.
“In another example, a CRM data migration of 14,000 individuals was accidentally sent to one person. It wasn’t sensitive information in this case but the fine is per breach, so in a worst-case scenario, that is $2 million times 14,000.”
Failing to act on breaches is where agencies face heavy fines, Ms Porter said.
“I have not had any clients yet been fined if they mitigate and self-report,” she said.
“If you have a problem and the commissioner comes knocking, it helps if you can prove you and your staff have done privacy training.
“This session is not just for principals, it is for everyone on the ground. The reality is, if you can show the commissioner that you and your team have taken part in privacy training, they will know you are at least trying to comply with the Act and may just go a little easier on you.
“And if the Act does not apply to you they can also see that you respect your clients and their personal data.”
To register, visit https://www.onolegal.com.au/privacy-prepared-webinar-paw22-register