The Federal Privacy Commission has aimed a broadside into the residential tenancy database industry ruling that one of Australia's largest tenancy database operators, TICA Default Tenancy Control Pty Ltd, has breached the Privacy Act and must rectify its information-handling practices.
Tenancy database operators provide information on renters to the real estate industry based on a tenant's previous rental history and charge both estate agents and tenants for access to the data they hold.
The residential tenancy database industry has previously come under fire from state governments for the amount of money charged to tenants who wish to access information database operators hold on them.
"It's not appropriate that people be charged excessive amounts to access information a database operator holds about them or that decisions about whether or not a person can rent a home are based on out-of-date and inaccurate information," Privacy Commissioner Malcom Crompton said.
The Privacy Commission determined that TICA has breached the Privacy act on several counts, including:
- Charging an excessive amount for people to access their tenancy record by mail and telephone.
- Failing to have appropriate agreements in place with members to ensure data quality.
- Failing to have appropriate measures in place to check the quality of data supplied by members.
- Failing to advise tenants that they have been listed on the database.
- Failing to have appropriate and effective dispute resolution procedures in place.
- Failing to keep personal information accurate and up to date.
- Failing to destroy or de-identify personal information that is no longer needed for any other purpose.
- Failing to take reasonable steps to ensure tenants are aware what personal information will be collected, to which organisation it will be disclosed and that individuals can gain access to the information.
TICA has subsequently been ordered to cease and not repeat such practices, in addition to recommendations that it amend its information-handling practises and allow tenants to have their own comments placed on files held on them in the case of a dispute.
Apart from being ordered to stop charging tenants excessive amounts, TICA will also be required to commission "an independent audit of the accuracy of the information in their databases", at its own cost.
The orders and determinations are some of the strongest to date from the Privacy Commission, with several state governments understood to have supported the latest action.
Two cross-jurisdictional ministerial councils (Standing Committee of Attorneys-General and Ministerial Council on Consumer Affairs) are currently reviewing tenancy laws in Australia. Crompton said that, "The determinations will provide the councils with significant input to whether existing protections for tenants' personal information are adequate."
In February the office of NSW Minister for Fair Trading Reba Meagher flagged new laws http://www.computerworld.com.au/index.php?id=124035843 to weed out unscrupulous tenancy database operators, with a spokesperson for Ms Meagher alleging that such operators had created an "insidious ledger" open to abuses such as vexatious blacklisting.
Meanwhile, an interim replacement for outgoing Privacy Commissioner Crompton has been found in the person of Timothy Pilgrim, who becomes Acting Federal Privacy Commissioner from April 20 and was previously Deputy Federal Privacy Commissioner.