19/4/04

Federal Privacy Commissioner, Malcolm Crompton has issued four complaint determinations that enhance tenants' privacy rights by ensuring that records about their tenancy history are accurate, up to date and can be accessed for a reasonable fee.

"Having a home is a very fundamental right and therefore it's very important that all tenancy database operators have exemplary information handling practices," said Mr Crompton.

"If the rental sector believes that databases are an important tool then it's essential that they are reliable. If they are not accurate this could have negative results for both landlords and tenants."

The Federal Privacy Commissioner has found that TICA Default Tenancy Control Pty Ltd, which operates one of Australia's largest tenancy databases, has breached the Privacy Act and has ordered its operators to rectify their information handling practices.

The breaches of the Privacy Act relate to TICA over-charging for access to information they hold, not taking reasonable steps to keep information they hold accurate and up to date and holding some information for too long.

"It's not appropriate that people be charged excessive amounts to access information a database operator holds about them or that decisions about whether or not a person can rent a home are based on out of date and inaccurate information," Mr Crompton said.

"Two ministerial councils (Standing Committee of Attorneys-General and Ministerial Council on Consumer Affairs) are currently reviewing tenancy laws in Australia. I think the determinations will provide the councils with significant input to whether existing protections for tenants' personal information are adequate.

"This has been a complex matter to investigate and I appreciate the co-operation demonstrated by all parties, including TICA, in reaching a resolution to the matter.

"The determinations are important reminders to all organisations that handle sensitive information about anyone who rents a home in Australia that they must treat the information with care and in full accordance with the federal Privacy Act."

The Federal Privacy Commissioner has found that TICA has breached the federal Privacy Act by:

• Charging an excessive amount for people to access their tenancy record by mail (Determination 1)
• Charging an excessive amount for people to access their tenancy record by telephone (Determination 1)
• Failing to have appropriate agreements in place with members to ensure data quality (Determination 2)
• Failing to have appropriate measures in place to check the quality of data supplied by members (Determination 2)
• Failing to advise tenants that they have been listed on the database (Determination 2)
• Failing to have appropriate and effective dispute resolution procedures in place (Determination 2)
• Failing to keep personal information accurate and up to date (Determination 3)
• Failing to destroy or de-identify personal information that is no longer needed for any other purpose (Determination 3)
• Failing to take reasonable steps to ensure tenants are aware what personal information will be collected, to which organisation it will be disclosed and that individuals can gain access to the information (Determination 4)

The Commissioner has ordered TICA to cease and not repeat the practices outlined in his four determinations. He has also issued a number of recommendations that TICA may wish to implement to remedy their information handling practices including that TICA:

• Do not charge tenants excessive amounts to access their information via mail or phone services (Determination 1)
• Develop a detailed description of all listing categories in consultation with my Office (Determination 2)
• Ensure that database members are aware of and use the newly defined listing categories (Determination 2)
• Ensure tenants have access to the listing categories (Determination 2)
• Allow tenants to place comments on files where they dispute the reasons for which they were listed (Determination 2)
• Continue to conduct weekly random checks of the information they hold (Determination 2)
• Commission an independent audit of the accuracy of the information in their databases (Determination 2)
• Ensure members advise tenants when they have had an adverse listing placed on their file (Determination 2)
• Develop an adequate dispute resolution system (Determination 2)
• Delete information when it is no longer needed (Determination 3)
• Develop new collection forms that clearly spell out what personal will be collected, to which organisation it will be disclosed to and that individuals can gain access to the information (Determination 4).

The complete determinations are available @ http://privacy.gov.au/law/apply/determinations/#comdet