Did you know that Privacy Awareness Week is next week? Have you thought about how your office can participate and champion privacy with the rest of Australia?
Do you know your legal obligations when it comes to the information you collect in your real estate business?
There can be massive financial consequences if you are found to be in breach of the Privacy Act, with a possible fine of $2.1 million for each breach.
Leading real estate lawyer Kristen Porter said one of the main challenges is there hasnโt been enough education in the industry around privacy.
“There is confusion about your obligations and clients of agencies are becoming savvier about their rights with privacy,” she said.
Ms Porter, founder of the real estate law specialist O*NO Legal, regularly fields questions about the kind of information an agency can pass on to a landlord or vendor about a tenant or buyer.
โMy first question is โWhat does your privacy policy say?โโ Ms Porter said.
โA lot of agencies donโt have a privacy policy because under the Privacy Act agencies with less than $3 million annual revenue donโt have to comply. But it is much easier to have that policy to clear up any confusion.โ
As part of Privacy Awareness Week, O*NO Legal is holding a free Privacy Prepared webinar at 10am (EST) on May 5.
The session aims to ensure agencies and staff understand the privacy must-haves they need in place, how to deal with privacy complaints and how to identify a notifiable breach.
โThe Privacy Act changed a couple of years ago and people need to be up to date about when they need to notify the commissioner about a data breach, or if they need to report that breach,โ Ms Porter said.
โKnowing when to report and how to mitigate the breach is important. If you can show you have followed steps such as containing the breach, you might not need to notify.โ
The webinar will present case studies of legal privacy issues and the lessons from them.
โIt could be leaving a USB on a bus where the information is not encrypted,โ Ms Porter said.
โThere was a robbery at an agency where laptops were stolen. Those werenโt encrypted so that is a reportable breach.
โIt is not just start-ups affected. Some of these are big agencies with their own compliance teams.
โOne example I saw was with leasing details that had to be in a contract of sale because it wasnโt a vacant possession. When the property manager sent the information to the solicitor the complete tenantโs file was included with licence, passport and tax file number.
โThe property manager, agent and solicitor didnโt notice and the file was sent to 50 potential purchasers.
โIn another example, a CRM data migration of 14,000 individuals was accidentally sent to one person. It wasnโt sensitive information in this case but the fine is per breach, so in a worst-case scenario, that is $2 million times 14,000.โ
Failing to act on breaches is where agencies face heavy fines, Ms Porter said.
โI have not had any clients yet been fined if they mitigate and self-report,” she said.
“If you have a problem and the commissioner comes knocking, it helps if you can prove you and your staff have done privacy training.
โThis session is not just for principals, it is for everyone on the ground. The reality is, if you can show the commissioner that you and your team have taken part in privacy training, they will know you are at least trying to comply with the Act and may just go a little easier on you.
โAnd if the Act does not apply to you they can also see that you respect your clients and their personal data.โ
To register, visit https://www.onolegal.com.au/privacy-prepared-webinar-paw22-register