19 October 2022
The Hon. R.A. SIMMS: I seek leave to make a brief explanation before addressing a question without notice to the Attorney-General on the topic of data protection.
The Hon. R.A. SIMMS: Last month the data breach at Optus left millions of customers vulnerable to scams and identity theft. At a renters' forum I held last month, renters raised concerns about the safety of their data in the wake of the Optus breach. Renters are often required to provide their driver's licence, bank statement, employment history, rental history, passport and the number of their dog's microchip (if indeed they have one). If renters refuse to provide any information the landlord or property manager asks for, they will not be considered for a rental home.
On 4 October The Guardian Australia reported on this issue and claimed that the culture of data hoarding by the real estate sector undermines the right of privacy and worsens the power imbalances between renters and landlords. My questions to the Attorney-General are:
1. What assurances can the government provide that the personal data of renters is being protected?
2. Will the government be legislating to protect the personal data of renters as part of their review of the Residential Tenancies Act?
The Hon. K.J. MAHER (Minister for Aboriginal Affairs, Attorney-General, Minister for Industrial Relations and Public Sector): I thank the honourable member for his question. It is an important one. I think many people have been horrified at what they have seen with the Optus data breach and I know that as a government we have discussed it. I think my colleague the member for West Torrens, the Hon. Tom Koutsantonis, as the Minister for Transport, has put in place people being able to get their licence reissued for free. I think that is a sensible initiative of the government for people who, through no fault of their own, can have their identities compromised, to have a new and different licence to be issued at no cost of their own.
It is an interesting question because, of course, other jurisdictions, most notably European jurisdictions, have, as I understand it, very significant sanctions for data breaches as occurred with Optus. I just don't have the information in front of me, but there are specific instructions and guidelines in terms of data that the government holds and sanctions for that, but in terms of data that private entities, whether they be rental companies, real estate companies, strata corporations hold, I am happy to look to see what we can do in relation to a review of acts that include rental provisions to see if there is a way to include those in those.
Reply Received on 30 November 2022:
The Hon. K.J. MAHER (Minister for Aboriginal Affairs, Attorney-General, Minister for Industrial Relations and Public Sector): The Minister for Consumer and Business Affairs has advised:
Consumer and Business Services (CBS) is responsible for the administration of the Residential Tenancies Act 1995 (RTA).
The RTA regulates residential tenancy databases, often referred to as tenant blacklists. Sections 99J and 99K of the RTA limit how database operators can store and distribute the personal information of renters.
The national privacy principles, as stated in schedule 3 of the Privacy Act 1988 of the commonwealth, also limit how organisations store, use, and disclose personal data. These principles can apply to how database operators and other organisations treat the personal data of renters.
The Malinauskas government has committed to a review of the RTA. The review will consider restricting the amount of personal information that can be requested from prospective tenants applying for a rental property and will consider regulating the circumstances in which this data can be retained.