Data privacy matters: check you’re a law-abiding real estate business

Data privacy has been hitting the headlines for all the wrong reasons lately. Making data compliance more important than ever for your real estate contact database. Today, I take a look at what you need to know to stay within the law, and the potential impacts on your real estate business.

Why data privacy matters more than ever

Data privacy has become big news around the world. From Facebook users’ data being shared with third-party organisations, through to a Twitter system glitch leading to the company advising its users to reset their passwords, social media is far from the safe space it once was for real estate marketing.

People are understandably protective about their data and how it is used, and this is leading to tighter controls. The European General Data Protection Regulation (GDPR) is a standout example of the way data compliance is tightening.

But what does this mean for real estate agents from Australia and New Zealand? What laws do you need to make sure you’re complying with?

I’ve put together this quick guide, with links to some useful online information sources, to keep you in the know.

Please note, this article is not intended as legal advice, just as a general guide to make you aware of the facts affecting your real estate marketing.

Data privacy laws in Australia and New Zealand

Both Australia and New Zealand are strict about data compliance. Australia’s laws regarding data privacy are categorised as “heavy” (the highest level), and New Zealand’s as “robust” (the second highest level).

This means real estate businesses in both countries need to be aware of their responsibilities around data protection, and whether or not your marketing systems and operational procedures are compliant with the law.

These resources offer plenty of information about Australia and New Zealand data privacy laws:

– Australian Data Protection Law overview.

– Australian Privacy Act details.

– New Zealand Data Protection Law overview.

Interestingly, neither Australia nor New Zealand has laws or regulations relating specifically to online data privacy, they both focus on general data privacy.

Online data includes:

The collection of location and traffic data
The use of cookies (or other similar technologies)

However, if cookies or similar technologies are being used to collect a users’ information, your business must comply with the Privacy Act.

Which real estate agencies need to be smart about data privacy?

The Australian government offers a data privacy checklist for small businesses detailing the circumstances under which you need to comply with data privacy laws. It’s worth reading this to see whether or not any of the points apply to your real estate business.

The notable points most likely to affect real estate agents are:

Real estate businesses that earn over $3 million a year. This is unlikely to apply to individual agents, but most real estate agencies would fall into this category.
Real estate offices that are part of a bigger organisation – for example, networks and franchise brands.
Businesses that have a residential tenancy database.

If your business can answer yes to any of these points, or any of the others listed in the government checklist, you have a legal obligation to comply with the Australian Privacy Principles (APP) guidelines.

If this includes your real estate business, here are some key areas of the APP guidelines you need to pay attention to.

1. Personal data collection

If you collect personal data on an individual, you need to make sure that they are aware that you are doing so. You also need to take reasonable steps to let them know:

Who you are (your business name and contact details).
Why and how you are collecting their data.
Whether collecting their data is required or authorised by law.
What will happen if their data is not collected, among several other things.

The full list of requirements can be found in Chapter 5 of the APP.

hoole blog data privacy matters check youre law abiding real estate business image2

Examples of real estate businesses complying with the law can be seen at Real Estate Australia’s consumer login page and Belle Property’s request an appraisal form.

2. Electronic marketing

Under the Australian SPAM Act, users must consent to receive emails from you. You are not allowed to send commercial electronic messages without the recipient having previously given their “opt-in” consent.

Additionally, every email you send must have a clear and functional “opt-out” facility, which will stop all future emails being sent to that user.

Companies not complying with the SPAM Act face serious penalties – repeat offenders can be fined up to $1.7 million per day!

New Zealand’s law views data collection for email exactly the same as data collection for any other type of direct marketing.

Unsolicited emails are banned, as is harvesting addresses to send them. All email communications must be opted into and must have a clear and functional “unsubscribe” option.

In both Australia and New Zealand, the same applies to text messaging and printed marketing materials – users must be able to opt out of receiving these communications from you, and they must not be sent any more after they have unsubscribed.

3. Collection and processing

In Australia and New Zealand, your real estate business must not collect personal information unless it is reasonably necessary for any of the functions of your business.

You must also have a privacy policy which contains information about:

– How the people you contact can access and correct their personal information.

– How they can complain about a breach of the APPs.

– How your organisation will deal with complaints of this nature

What is the European GDPR, and should real estate agents care?

The European GDPR is making headlines due to its stringent data privacy standards. It’s unlikely to affect most real estate agents in Australia or New Zealand, as you probably don’t hold or process much data on European residents. However, it’s worth being aware of these overseas changes.

The GDPR requirements have been added into systems and technologies developed in Europe or the USA, or by companies who have clients in those jurisdictions. Therefore, you’re likely to have to accept updated terms and conditions if you use any of these technologies – most of us do.

The new terms and conditions relate to the use of these systems and the data they collect on your behalf.

Also, if you have any clients who currently reside in Europe, such as vendors or investors, you need to be aware of your responsibilities, as the fines for breaching the GDPR are extremely heavy. The highest fines can be as much as 20,000,000 Euros, or up to 4 percent of your total worldwide turnover for the previous year, whichever is larger.

So, familiarise yourself with the European GDPR changes if this is the case.

Moving forward with data compliance

It’s definitely worth doing some housekeeping to make sure your data privacy systems are compliant with the law. Check with your CRM provider to ensure that all the points where you collect data have links to your Personal Collection Statement, Terms of Use and Privacy Statement.

Data privacy is something you need to think about when it comes to real estate marketing – but as long as you are complying with the law in every country you do business with, it doesn’t have to have a negative effect on your business.

Tags: data compliance, data privacy, Facebook privacy, GDPR, real estate agent, real estate business, real estate contact database, real estate marketing, Twitter user passwords

Written by Melanie Hoole

My team and I specialise in helping real estate and property professionals perfect their personal brand, build a first-class digital profile and implement inbound marketing activities to attract leads. If you are unsure which direction to take with your digital marketing contact me for help.