Estate agents and lettings agents need to do more to look after people’s personal data, a report published by the Information Commissioner’s Office (ICO) has said.
The report was compiled after the ICO visited a number of residential sales and lettings agents across the UK, to look at how they were complying with data protection law.
Auditors found many common findings across the visits, including:
- Staff had little formal training for data protection
- Customers were not always told how their personal information would be used
- Customer data was kept for longer than necessary
- There was a lack of awareness about the importance of using technical security controls like encryption
- Paper records containing personal data weren’t kept securely
The report includes eight pages of advice on how agencies can improve their practices to ensure they stay in line with the Data Protection Act. The ICO has the power to fine organisations that fail to follow the law up to £500,000.
Leanne Doherty, Good Practice Group Manager at the ICO, said:
“More than half a million people work in the real estate sector in the UK. That’s a lot of people handling a lot of personal data. It’s an important responsibility to get that right, and our report suggests there’s room for improvement in a lot of sales and lettings agents.
“The series of visits we carried out suggested a limited understanding of data protection. It was particularly concerning that people weren’t being told clearly how their information was being used, and that their data was being kept longer than necessary.
“We’d urge agents to take the time to look at our recommendations and to make changes to improve what they’re doing. The prevention measures we list are far less painful than the cure of a £500,000 fine.”
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.