Data privacy best practice for property managers

Property management is a busy and challenging industry. In addition to the many rules and regulations which must be adhered to, questions are increasingly being raised about data collection and protection. 

While renters are under pressure to find a place to live, they are cautious about the amount of personal information they are asked to hand over when they submit an application. 

Consumers are more and more aware of the risks involved with sharing their data. According to CHOICE, surveys have found 60% of renters are uncomfortable with the amount and type of information being collected, and 29% of renters opted not to apply for a rental because they didn’t trust the platform being used to store their data.  

As a property manager, on the one hand, it is important to gather information so you can confirm rental property applicants are who they say they are. On the other, if your agency experiences a security breach and these details are stolen, the fallout can be damaging. 

Major companies such as Optus and Medicare have proven data breaches are almost inevitable. Here are some ways to ensure your agency and your clients are protected: 

Establish and follow up on cyber policy 

First, you need to have a privacy policy so you can be transparent with your renters and other clients about how their information is gathered and stored. Make sure this policy is in line with the current Privacy Act

Your business also requires wider policies to ensure information is protected. You may need to work with a specialist IT/cybersecurity firm to create policies, implement them and ensure they are upheld. 

A regular audit will review your security measures and identify the areas where your business and clients are vulnerable to losing information. You can take a look at the biggest risk factors and take steps to address them, such as adding 2FA (two-factor authentication) so your online systems can’t easily be hacked, or encrypting data to add an extra layer of protection.

Train your team

Loss of data often happens because of employee errors. A training session will remind your staff not to open and click on ‘phishing/scam’ emails and give them a process to follow when it comes to using company devices or accessing your agency’s back end when using public Wi-Fi networks. 

You should have a clear and accessible set of expectations for your team about how to record and share data from renters and rental property owners. 

Having online training incoming staff can access at any time will make your life easier; you can create modules and update them every six months or as needed. 

Implement an offboarding process and restrict access

Unfortunately, internal or previous staff are often the source of a data breach. As an article from CurrentWare explains, 70% of intellectual property theft occurs within 90 days before an employee’s resignation announcement. 

If someone does resign, establish a process to revoke their access to your online systems. To protect against data and IP theft, ensure people don’t have access to information which isn’t relevant to their role. 

‘Poaching’ can be a problem for the property management industry, so take steps to ensure nobody can download your entire database and take client information with them when they resign. 

Leverage the latest ID protection technology

The property management industry is highly vulnerable to data privacy breaches because it involves small businesses gathering large amounts of personal information but being unable to meet the gold standard for data encryption and protection because of the high costs and processes involved.  

The best option may be not to store data at all. Fortunately, there are now platforms providing this solution. As reported by realestatebusiness.com.au, these platforms connect with the major banks to verify ID so consumers don’t have to hand their personal details to a small business. This benefits renters by protecting their private information and property management firms because they save the expense and time required to store and protect sensitive data. 

While prevention is always better than cure, the final step is to have cyber insurance and an emergency response plan in place. This way, if a worst-case scenario does occur, your agency will be able to handle it in a professional way and minimise the fallout.