LRS Press Release Voices Concerns on Data Protection Violation.
We have been asked by the press to release a statement regarding the recent breach of protection of tenants data by TenantVet. We must emphasise that TenantVet has no association with Landlord Referencing Services by either its employees or directors. Our statement is as follows:
Landlord Referencing Services has been informed of a complaint that has been made about the company ‘TenantVet’ to the Information Commissioner (ICO). The complaint was regarding the way in which TenantVet was displaying the names, addresses, DOB, Title, Passport Number, Driving Licence number and more on an open database for all to see.
One of our members has told us that to access the site as a Landlord you simply need to enter your name, email address, telephone number and a postcode; you then get an email with a link to follow.
Our member was quite simply shocked at information that was displayed as he has merely searched the letter ‘S’ and he was displayed with a list of all the people on the database that have either their first name or second name beginning with ‘S’. Not only did it display the names of these people but it also displayed the full information as mentioned above. Our member sent us a copy of the search result for the letter ‘s’ – the list comprises about 20 names on there – we too were shocked.
Landlord and Letting agents Networking/Referencing is a new concept in a new industry that is taking shape in the UK and having spoken to many of our members here at LRS on a fairly regular basis, I feel that the majority will agree that this is the kind of inept conduct that no-one should be prepared to accept.
Remarks made by members of LRS are that they are experiencing up to 80% less rent defaults, property damage, anti-social behaviour and drug related crime, so it is clear that we are a new and much needed service within the letting industry.
Therefore, it is imperative that we ensure the highest standards are met and a precedent must be set for this industry that the privacy and security of the information stored on Landlords and even more importantly, tenants is paramount. Private and personal details should be stored with the upmost security and not given out or displayed on the World Wide Web for all to see. This is quite the opposite to the practise observed by TenantVet and other similar blacklist sites who display a list of people and their personal information to an unverified Landlord based on an alphabet letter search.
As the pioneers of this industry, Landlord Reference Services do not want to be tarred with a bad reputation brought on by an amateur and unprofessional site that would seem to be simply trying to maximise their profits and prioritising it above security. We believe it is this motivation that caused them to make their system automated, but in their haste they have left people vulnerable to criminal and fraudulent behaviour.
TenantVet state that what they are doing is legal due to the fact that the tenant has signed a waiver giving their permission for TenantVet to use their details, yet there is no statement that will stand up in court that allows people to waiver their rights. No individual person’s signature is above the laws that are there to protect us. The first principle of data protection is that the data is secure and we do not believe that typing in a single letter and then having the ability to gain access to a list of people who are not relevant to the search is in line with this principle. There are many other principles of data protection in which TenantVet sail very close to the wind.
TenantVet have now issued the following statement:
‘Due to a misguided attack on our database we have had to strengthen our security policies.
This means that from now on, searches for names only will return an error, forcing you to provide more details about the potential tenant. Another measure put in place is that registration information will first be validated before we can allow access to the system.
We are very sorry for the inconvenience this will cause, but for the security of the data we hold on our database, we have had no choice.’
Although we are pleased to see that they are now attempting to protect the details of both their Landlords and their tenants more effectively, this comes a long way off alleviating our concerns about their intentions and their method. ‘Due to the misguided attack on our database’ – is it really an attack if a concerned Landlord contacts the ICO data commissioner? Is it really misguided if they have recognised that such concerns were something to be addressed and issued the above statement of changes? ‘We are very sorry for the inconvenience this will cause, but for the security of the data we hold on our database, we have had no choice’ – we have never EVER found it an inconvenience to protect the information that we hold; rather it is one of our mission statements.
The member in question has now informed us that when he tried to enter the site to see how the new security would work, he found that he had been barred from the system. This is a very short term solution to a long term problem.
We have data controllers working with Landlords and Letting Agents on a personal basis and this is the safest and securest way to network and gain reference information on previous tenants from their previous Landlords. Albeit a significantly more expensive way than automation, it ensures that we do not pass on any sensitive information or give access to tenant’s private data and therefore do not jeopardize the safety of any persons listed on our databases; neither do we continuously display the fact that you have joined us. Please be very careful for the time being when using TenantVet until they have completely and successfully addressed the problems with their system.
Landlord Referencing Services official Press Release