Information Commissioner's Office
‘Room for improvement in sales and lettings agents’ data handling’ says ICO report
Estate agents and lettings agents need to do more to look after people’s personal data, a report published by the Information Commissioner’s Office (ICO) has said.
The report was compiled after the ICO visited a number of residential sales and lettings agents across the UK, to look at how they were complying with data protection law.
Auditors found many common findings across the visits, including:
- Staff had little formal training for data protection
- Customers were not always told how their personal information would be used
- Customer data was kept for longer than necessary
- There was a lack of awareness about the importance of using technical security controls like encryption
- Paper records containing personal data weren’t kept securely
The report includes eight pages of advice on how agencies can improve their practices to ensure they stay in line with the Data Protection Act. The ICO has the power to fine organisations that fail to follow the law up to £500,000.
Leanne Doherty, Good Practice Group Manager at the ICO, said:
“More than half a million people work in the real estate sector in the UK. That’s a lot of people handling a lot of personal data. It’s an important responsibility to get that right, and our report suggests there’s room for improvement in a lot of sales and lettings agents.
“The series of visits we carried out suggested a limited understanding of data protection. It was particularly concerning that people weren’t being told clearly how their information was being used, and that their data was being kept longer than necessary.
“We’d urge agents to take the time to look at our recommendations and to make changes to improve what they’re doing. The prevention measures we list are far less painful than the cure of a £500,000 fine.”
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO is onTwitter, FacebookandLinkedIn. Read more in the ICO blogand e-newsletter.Our Press Office page provides more information for journalists.
Latest News from
Information Commissioner's Office
ICO fines Vote Leave £40,000 for sending unlawful text messages20/03/2019 09:10:00
The Information Commissioner’s Office (ICO) has fined Vote Leave Limited £40,000 for sending out thousands of unsolicited text messages in the run up to the 2016 EU referendum.
A call for participation: Building the ICO’s auditing framework for Artificial Intelligence19/03/2019 16:10:00
Blog posted by: Simon McDougall, 18 March 2019.
Two Birmingham workers fined for data protection breaches19/03/2019 12:20:00
Employees could face a criminal prosecution if they access or share personal data without a valid reason, the Information Commissioner’s Office has warned.
ICO raids businesses in Brighton and Birmingham suspected of making millions of nuisance calls13/03/2019 09:10:00
The Information Commissioner’s Office (ICO) has searched two addresses as part of an investigation into businesses suspected of making live and automated nuisance calls.
International Conference of Information Commissioners 201912/03/2019 09:10:00
Elizabeth Denham's opening address given yesterday to the International Conference of Information Commissioners.
Blog: Adtech fact finding forum shows consensus on need for change08/03/2019 16:20:00
There’s a well-quoted line from Steve Jobs, that as Apple CEO he didn’t employ smart people to tell them what to do, but so that they could tell him what to do.
Blog: Why the right of access to patient data needn’t be a headache for GPs08/03/2019 13:20:00
Blog posted by: Jovian Smalley, Group Manager – Engagement (Public Services), 07 March 2019.
Organisations should be doing more to achieve privacy accountability06/03/2019 09:10:00
The Global Privacy Enforcement Network's (GPEN) annual intelligence gathering operation looked at how well organisations have implemented the core concepts of accountability into their own internal privacy policies and programmes.