Real estate data collection security


Being forced to disclose


Real estate data collection security is the responsibility of several parties within an organisation. From collecting sensitive rental application information to sale information agents must act professionally and carefully. To function within our integrated world we all need to disclose information that we would prefer to keep private, so the responsibility to protect our data is massive. Recently there has been reference to the potential breaches of privacy for the real estate industry and the devastating impact that may occur.


The platforms


What is not often clear is that real estate agents need to use external platforms to load information. These platforms allow access for the public for example and Other platforms like MRI Software, are used to capture information like tenant details. These platforms provide a raft of advantages for the industry but like all external platforms, they are vulnerable to criminals. Management is responsible for ensuring data collection methods comply with security policies and regulations. Also, all employees who handle data are responsible for following security protocols, including proper data collection, using secure channels for data transfer and following access controls.




Information and ID


Agents must collect information that is required by law but it is important to highlight what cannot be collected. The rental provider or agent will likely ask you for formal identification, such as a driver’s license, as well as employment details and rental references. The personal information you give the rental provider or agent may only be used to decide whether or not you are a suitable renter or to comply with another requirement of the Residential Tenancies Act 1997.


Some information should never be given as it is a breach of privacy. When loading the relevant information onto an external platform there is no entry for ‘unpermitted’ questions. Consumer Affairs Victoria (CAV) outlines that the rental provider or agent cannot ask you for the following information forming part of your application.


  • whether you have taken legal action or have had a dispute with a rental provider;


  • your bond history, including whether you’ve made a claim on your bond;


  • a bank statement with daily transactions – you may need to provide a statement, but you can delete transactions that you feel should be kept private;


  • if the rental provider asks you about personal protected attributes outlined in the Equal Opportunity Act 2010 (for example, ethnicity, gender identity, disability), they have to provide you with the reason for asking that information in writing.




A controversial breach of privacy that vendors cite is the disclosure of the sale price. Consumer Affairs Victoria (CAV) has determined that the new price-quoting legislation overrides vendor-agent confidentiality. To satisfy compliance with underquoting legislation an agent may be required to disclose the sale price on the Statement of Information – regardless of a vendor’s wishes for the sale price to remain undisclosed. Also, material facts must be disclosed and are not considered a breach as the information will impact the purchaser.


Real estate agents have legal and fiduciary obligations to their clients but it is important to understand that breaches at these platforms are beyond the agents’ control. Third-party providers share responsibility for securing the data they handle. Ultimately, ensuring data collection security requires a collaborative effort involving various stakeholders, from leadership setting policies to individual employees following best practices.