A case in point last year involved a Stockport agent accessing tenant’s personal data resulting in prosecution, a fine and dismissal.
An employee of Stockport Homes Limited (SHL), the offender, was a customer services officer who was found guilty of unlawfully accessing personal data without having a legitimate reason to do so.
Wendy Masterson had been looking at anti social behaviour cases on SHL’s case management system when she wasn’t authorised to do so. She had accessed the system a total of 67 times between January and December 2017.
The offences came to light following an audit of Masterson’s access to SHL’s case management system after concerns were raised regarding her performance. This resulted in Masterson’s suspension and her subsequent resignation.
Masterson, of Middlesex Road, Stockport pleaded guilty to unlawfully accessing personal data in breach of s55 of the Data Protection Act 1998 at Stockport Magistrates Court on 6 June 2019. She was ordered to pay a £300 fine, £364.08 costs and a victim surcharge of £30.
Mike Shaw, Group Manager Enforcement at the Information Commissioner’s Office, which brought the prosecution, said:
“People have the absolute right to expect that their personal information will be treated with the utmost privacy and in strict accordance with the UK’s data protection laws.
“Our prosecution of this individual should act as a clear warning that we will pursue and take action against those who choose to abuse their position of trust”.
The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Landlords & Agents:
If you are storing, using or deleting tenants’ personal information (name, address, phone, email, bank details, etc.) using electronic devices (computer, mobile phone, CCTV or dashcam for work purposes etc.) then you should be registered with ICO. The cost is £35.00 per year.
Just another expenses for landlords and agents but it is important you do this. Check here
Complying with GDPR
The EU-wide General Data Protection Regulation (GDPR) requires data processors including landlords and agents to deal with, to access and store personal data only when necessary, only with the client’s permission and securely.
The legislation applies to everyone, particularly businesses, so you should be aware of exactly what personal information you hold on people and how you store it, how long you hold it, how you share it and how you dispose of it.
Landlords and agents collect a fair amount of personal data in the process of letting and much of this is stored electronically these days, for example:
- Tenant enquiries
- Viewing appointments and prospective tenants
- Application forms
- Credit checks
- Bank details and standing orders
- Housing Benefit claims details
- ID, Passports, National Insurance numbers, Driving Licence, photos.
Landlords should audit their personal information systems to determine what is held, how it is held, what it is used for, how long it is kept and how it is safety disposed of. This is particularly important where staff are involved so that a proper secure management process can be set-up. This would give access to only trusted personnel, they would know how to deal with this securely, and would remove and delete records routinely after they are not longer necessary or useful.
Further guidance on legally compliant data processing is available on the Information Commissioners Office (ICO) website.