For your eyes only
Social landlords must make sure they are guarding data properly says David Hall
Numerous data losses and thefts of laptops - most recently form the Pensions Trust, which affected social housing pension members - mean that data protection should be on high on every landlord’s list. Here are three principles to keep in mind.
Processed fairly and lawfully
Keeping it ‘lawful’ is easy. The Data Protection Act lists situations in which processing is allowed. Simply check that your purpose qualifies under a permission and proceed. Getting consent of some kind is always an option, but it is rarely the most efficient. It pays to think about the other options.
Being ‘fair’ takes planning, training or both. You have to be clear about what you’re doing with the data, and tell the data subject before you start.
In theory, you should know the lifecycle of all personal details you hold. And so should your tenants. In practice, most organisations are patchy when it comes to this.
Obtained and processed only for specified purposes
Your tenants should know why you have their data. A privacy policy for each location where data is entered (i.e. tenancy application form, website) is a great way to do this. You can use it to wrap up the ‘fair’ and ‘lawful’ tasks. It also reminds your staff where the limits are. Have you documented each of these points of data entry?
Adequate, relevant and not excessive
You should only collect information you need. The DPA makes business sense on this one. Comply and your costs go down, including the costs of data storage, administration time, and of making disclosures to data subjects on request. Why wouldn’t you?
David Hall is a solicitor at Anthony Collins Solicitors. david.hall@anthonycollins.com
Have your say
You must sign in to make a comment