Login
iscover
New research has raised alarms about rental apps leaving tenants’ personal information vulnerable to threat actors, sparking privacy concerns and calls for tighter regulation.
Recent findings have shown that millions of tenant leasing documents could be left exposed across rental platforms, prompting calls for tighter regulation in rental technology.
The Guardian reported this week that an anonymous researcher found seven platforms used to upload renter documentation contained risks of exposing the data to threat actors.
The researcher found that hyperlinks to stored lease agreements, identification documents, payslips, and personal references could be scanned by web crawlers and cached.
University of Sydney associate professor in the School of Architecture, Design and Planning, Dr Sophia Maalsen, said the data exposures raised serious concerns about tenants' data privacy and security.
“There are risks around hacking and accessing people's personal data,” she told REB.
She said that the rental platforms presented landlords or property managers with a shortlist of candidates who had been algorithmically assessed, with tenants having little control over their own personal data.
“The opacity of how the algorithm makes a decision on how good an applicant is, also raises challenges in terms of what is being weighted highly, are there biases, what is determining what is a ‘good’ tenant?”
“Because this information is not accessible, it is difficult to understand how these decisions are made.”
Maalsen said that many real estate companies, and some proptech providers, were exempt from the Privacy Act due to being small businesses, presenting increased risks for renters.
According to Guardian Australia, access to the leasing documents was simplified by adding or removing a number in the URL that was forwarded to potential tenants.
The masthead said that it had seen six examples of leasing documents being made available online.
Although the links were obscured by randomised characters, the documents did not require a login to view.
Maalsen also said that, apart from data being exposed online, there were concerns around the quantity of data tenants needed to provide to landlords as part of their applications.
“There is a big power asymmetry where tenants feel they have to give up data to be considered for a rental.”
“There is a general consensus that evidence of income, proof of identity, and rental references should suffice to make that decision, without requiring additional personal data.”
She said there were multiple ways to reform regulations to prevent privacy breaches and data overreach.
These included extending the Privacy Act to cover small businesses, restricting what constituted ‘reasonable’ data collection, and undertaking periodic reviews of emerging risks of rental technology.
She also said that rental platforms and proptech companies should be made to comply with tenant protection laws, and not just consumer data privacy and artificial intelligence (AI) laws.
Maalsen said that while the technology raised privacy concerns, it also had benefits, including helping property managers manage their data more effectively.
However, she said that to gain maximum benefit from the platforms, tenant data needed to be standardised and limited.
“This is an area where I think there could be growth, especially as the Office of the Australian Information Commissioner has recently identified rental and property inspections as a high-risk sector in terms of privacy compliance,” she concluded.
You might also like: Remote selling creates new opportunities for agents
ABOUT THE AUTHOR
You are not authorised to post comments.
Comments will undergo moderation before they get published.