Some Property managers 'tramping on privacy right'- Consumer NZ

<div class="figure-file" data-ke-type="file" data-file-src="https://t1.daumcdn.net/cafeattach/1L6fn/22c5f231231dd9562772ce0f5d8f5868fe066be3?download" data-file-name="KWANZ Reading Friday Class - Privacy Rights280325.pdf" data-file-size="130945" data-mimetype="application/pdf" data-ke-align="alignCenter"><a href="javascript:checkVirus('grpid%3D1L6fn%26fldid%3DGOT1%26dataid%3D179%26fileid%3D1%26regdt%3D20250328035747&url=https%3A%2F%2Ft1.daumcdn.net%2Fcafeattach%2F1L6fn%2F22c5f231231dd9562772ce0f5d8f5868fe066be3')"><div class="image"></div><div class="desc"><div class="filename"><span class="name">KWANZ Reading Friday Class - Privacy Rights280325</span><span class="type">.pdf</span></div><div class="size">127.88KB</div></div></a></div><p>Some property managers 'trampling on privacy rights' - Consumer NZ September 27, 2022 <a href="https://www.1news.co.nz/2022/09/27/some-property-managers-trampling-on-privacy" target="_top" class="ke-link">https://www.1news.co.nz/2022/09/27/some-property-managers-trampling-on-privacy</a>rights-consumer-nz/ Ten per cent of property managers in a nationwide mystery shop conducted by Consumer NZ encouraged the caller to provide more personal information than necessary, potentially unlawfully Chief executive Jon Duffy told Breakfast scarcity in the rental market shouldn't be an excuse for property managers "trampling on people's privacy rights”. Duffy said "overly intrusive information" was sometimes being sought in applications, such as religious and political beliefs, gender and family status. In May, mystery shoppers posing as potential renters made 71 calls to 32 property agencies across Auckland, Wellington, Palmerston North, Nelson and Dunedin. The property managers and rental agencies were asked questions about what sort of information is collected from renters, how long it's stored for and if it's shared with any third parties. The findings were released on Frida The Office of the Privacy Commissioner (OPC) has issued guidance to hel landlords and property managers comply with the Privacy Act. The guidance says it's unlawful to discriminate based on sex (including pregnancy or childbirth), relationship or family status, religious or ethical beliefs, colour, ethnic or national origins (including nationality or citizenship), physical or mental disability or illness, age, political opinion, employment status, and sexual orientation or gender identity. "It's unnecessary, irrelevant, and unreasonably intrusive to ask for information about these personal characteristics when you're selecting tenants," the guidance states. "It's unlikely that you could use this information for a lawful purpose during the selection process, due to prohibitions on discrimination under the Human Rights Act.” Consumer NZ said the 10% of agents encouraged the mystery shopper to provide more personal information by way of a cover letter and a "rental CV". They might include information such as age bracket, gender and relationship status. One property manager reportedly said "the more information you give, the better chances [of securing a rental property]”. Another reportedly said "the more information you provide [about yourself], the smoother the process". Another reportedly confirmed that extra informatio would "make your application stand out from the others”. Consumer NZ also found 6% of agents asked the mystery shoppers to include bank statements in their application - the OPC in its guidance for tenants states the landlord shouldn't ask for them. "Asking about how tenants spend their money is unfair and unreasonably intrusive, except in exceptional circumstances.” Consumer NZ further found 14% of agents became noticeably less interested in the mystery shopper when they asked about the privacy and security of their information. "It's really important, where there are market constraints - so there's a lack of supply which means the market is tight - that where rights exist, that they're upheld," Duffy said. He said his organisation thinks regulation of property managers is "long overdue", remarking "tighter regulations are needed and soon”. "The laws and rules exist for a reason. They exist to protect all of us in society. It shouldn't be that property managers are some sort of exception because they're representing someone who owns an asset.” The Ministry of Housing and Urban Development is currently looking at the regulation of property managers. RNZ - NEW ZEALAND BUSINESS 4 Oct 2024 Handing over personal data: What are your rights? <a href="https://www.rnz.co.nz/news/national/529829/handing-over-personal-data-what-are" target="_top" class="ke-link">https://www.rnz.co.nz/news/national/529829/handing-over-personal-data-what-are</a>your-rights It seems almost impossible to make a transaction of any sort these days without being required to hand over personal information. But that information is not always disposed of it when it is no longer needed. In August, a major audiology chain of clinics admitted much of its customer data had been leaked onto the dark web - potentially including bank account details, patient records and insurance information. One of those caught up in the Bloom Hearing Specialists hack was Auckland man Russell (full name withheld on request) - and he was not even a customer of theirs. "I had some hearing loss, industrial deafness. ACC covered me for up to $5000 for hearing aids," he told Morning Report. "I went to Bay Audiology. They gave me a quote and a trial, and I'd actually approached Bloom to see what they had to offer. And they said, 'Oh, we can try these hearing aids for a week.' I ended up deciding I'll just go with Bay Audiology." But that week-long trial with Bloom, six years later, led to his personal being leaked online. "I've never really been a customer, and since I haven't been with them for 6.5 years, they should have deleted my data. And I can't recall how much information they got from me, whether they may have requested my bank account number as security or credit card details as security, but potentially there's a lot of information and also where I had all my ACC details." The news of the hack was reported in Australia, but went under the radar here in New Zealand until RNZ reported on it on Thursday. Russell said he was considering complaining to the privacy commissioner. "The story, from my perspective, is that they haven't deleted the data from very old customers … There's people trying to hack systems all the time, these things can happen, but Bloom should have never had my data for such a long period of time. It should have been deleted. That's what my concern is." Privacy Commissioner Michael Webster told Morning Report that Russell was was "absolutely right". "You have rights as an individual in terms of what data can be collected from you, but importantly, you also have obligations as a business. "And the bottom line is data minimisation. Data retention is proving to be the sleeping giant of data security as we see an explosion in cyber attacks around the world." Under the law, Webster said, only information "that you absolutely regard as necessary for providing the services or products that someone wants" can be collected. "If you're concerned about the amount of information being asked for or you don't understand why they want certain types of information, you can ask the agency to explain why and to justify why the collection is necessary. You can, for example, return the form with blanks where you're not convinced the organisation needs the information, and say to them, 'Justify why you need this information. You can refuse to provide it." Organisations collecting data might want to reconsider just how much they ask for too, he said, and how long they keep it. "There's been a lot of cyberattacks over the last few years in both Australia and New Zealand, for example. And you don't collect or shouldn't collect or hold on to information. You don't need any more. The risk is simply too high for your customers and your organisation, too. "We've done surveys, I've seen other surveys from overseas, and there is an enormous loss of trust and confidence from having data cyber-hacked. We've seen results which say that seven out of 10 customers, for example, will consider moving from a business that doesn't keep their data and information safe. "So it is in businesses' best interests to ensure that they have a real focus on data minimisation." Bloom said it had notified the New Zealand police and privacy commissioner of the breach. "As with any breach, Bloom Hearing will need to investigate to fully ascertain the size and scope of the breach and any impact on its New Zealand clients," the Office of the Privacy Commissioner said on Wednesday afternoon. In its August message to customers, Bloom said: "You may see an increase in targeted phishing attempts via email, text messaging or telephone calls, where the scammer uses details specific to them." It published a long list of advice on steps to take and how to respond. "As soon as we became aware of the incident, we took immediate steps to contain it and secure our systems," Bloom said. It was still investigating. "We sincerely apologise for any distress this incident may have caused." The Privacy Act contains 13 "information privacy principles that govern how businesses and organisations should collect, handle, and use personal information", the commissioner's website said. More information about how the Privacy Act works, your rights and organisations' responsibilities is available on the Office of the Privacy Commissioner's website.</p>