What do I need to do about Data Protection?
Landlords and Letting Agents are under a legal obligation to handle, store and dispose of personal consumer information sensibly and securely and are obliged to abide by the principles of the Data Protection Act 1998.
The Data Protection Act does not guarantee personal privacy at all costs. It aims to strike a balance between the rights of individuals and the sometimes competing interests of those with legitimate reasons for using personal information.
The Act applies to paper records as well as computer records.
Data Protection Checklist
This checklist should help you comply with the Data Protection Act.
If you can answer 'yes' to every question, this does not guarantee compliance, but it does indicate you are making every effort to do so:
- Do I really need this information about an individual?
- Do I know what I'm going to use it for?
- Do the people whose information I hold know that I've got it, and are they likely to understand what it will be used for?
- If I'm asked to pass on personal information, would the people about whom I hold information expect me to do this?
- Am I satisfied the information is being held securely, whether it's on paper or on computer?
- Is my web site or on-line data base data secure?
- Is access to personal information limited to those with a strict need to know?
- Am I sure the personal information is accurate and up to date?
- Do I delete or destroy personal information as soon as I have no more need for it?
- Do I dispose of personal information securely?
- Do I have a Data Protection Policy and have I trained staff in their duties and responsibilities under the Act, and are they putting them into practice?
- Do I need to notify the Information Commissioner and if so is my notification up to date?
Safe Disposal of Personal Information
Landlords and letting agents must take reasonable measures for proper disposal of personal information included in credit reports, tenancy applications and tenancy agreements, based on the sensitivity of the information.
Disposal practices that are reasonable and appropriate to prevent unauthorised access or use of sensitive information might include:
- Destroying or erasing electronic files so that the consumer information cannot be read or be reconstructed. When disposing of old computers, you should destroy their hard drives.
- Shredding or burning paper documents so that consumer information cannot be read or reconstructed.
- Hiring a certified contractor specialising in document destruction, after performing due diligence on the company's operations and security policies.
More Information at the Information Commissioner's Web site: http://www.ico.gov.uk/
© Copyright TenantVERIFY® 2015 - all rights reserved.