– Tenant Histories – Tenant Histories

Is this legal?

  • does not store data on a scoring system
  • does not store information such as county court judgements, etc
  • is not a tenant black-list
  • does not give / sell any of the information submitted by our members to third parties
  • Is fully registered with the ICO for Data Protection;
    ICO Number: Z266090X – Company Registration Number:OC363703
  • simply gives you a tenant’s last landlord

Can I upload old tenants?

Yes. You can upload old tenants if they have provided you personal details (verbally or otherwise), for the purpose of a reference at the application stage of a tenancy. These details are therefore relevant to referencing for a contract of tenure. However, to make it absolutely clear to the tenant and for the avoidance of future doubt, we recommend that for new tenants you amend your tenancy agreements to include written authority with regards to Data Protection requirements.

You can upload old tenants if you do not have these written tenancy agreements in place as it is acceptable by the ICO Data Protection that your existing data can be used if:
‘The Processing is in accordance with the “Legitimate Interests” condition. So long as a tenant has provided details for a reference and has moved into your property (entered tenure with you), you are able to upload them to the LandlordReferencing database for referencing.’

The processing is necessary; in relation to a contract which the individual has entered into; or because the individual has asked for something to be done so they can enter into a contract.

ICO – The Basics (<— visit the ICO website)

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

The Act works in two ways;

Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up-to-date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

All tenants are to submit a “Tenant Information Request” to

Should an individual or organisation feel they’re being denied access to personal information they’re entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner’s Office for help. Complaints are usually dealt with informally, but if this isn’t possible, enforcement action can be taken.

Schedule 1 to the Data Protection Act lists the data protection principles in the following terms:

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Processing personal data for specified purposes

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

This requirement (the second data protection principle) aims to ensure that organisations are open about their reasons for obtaining personal data, and that what they do with the information is in line with the reasonable expectations of the individuals concerned.

There are clear links with other data protection principles – in particular the first principle, which requires personal data to be processed fairly and lawfully. If you obtain personal data for an unlawful purpose, for example, you will be in breach of both the first data protection principle and this one. However, if you comply with your obligations under the other data protection principles, you are also likely to comply with this principle, or at least you will not do anything that harms individuals.

In practice, the second data protection principle means that you must:

  • be clear from the outset about why you are collecting personal data and what you intend to do with it;
  • comply with the Act’s fair processing requirements – including the duty to give privacy notices to individuals when collecting their personal data;
  • comply with what the Act says about notifying the Information Commissioner; and
  • ensure that if you wish to use or disclose the personal data for any purpose that is additional to or different from the originally specified purpose, the new use or disclosure is fair.

Once personal data has been obtained for a specified purpose, can it then be used for other purposes?

The Data Protection Act does not prohibit this, but it does place a limitation on it: the second data protection principle says, in effect, that personal data must not be processed for any purpose that is incompatible with the original purpose or purposes.

When is one purpose compatible with another?

The Act clarifies to some extent what is meant by compatibility – it says that when deciding whether disclosing personal data is compatible with the purpose for which you obtained it, you should bear in mind the purposes for which the information is intended to be used by any person to whom it is disclosed.

An additional or different purpose may still be compatible with the original one. Because it can be difficult to distinguish clearly between purposes that are compatible and those that are not, we focus on whether the intended use of the information complies with the Act’s fair processing requirements. It would seem odd to conclude that processing personal data breached the Act on the basis of incompatibility if the organisation was using the information fairly.

If you wish to use or disclose personal data for a purpose that was not contemplated at the time of collection (and therefore not specified in a privacy notice), you have to consider whether this will be fair. If using or disclosing the information would be unfair because it would be outside what the individual concerned would reasonably expect, or would have an unjustified adverse effect on them, then you should regard the use or disclosure as incompatible with the purpose you obtained the information for.

The amount of personal data you may hold.

The Act says that:

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

This is the third data protection principle. In practice, it means you should ensure that:

  • you hold personal data about an individual that is sufficient for the purpose you are holding it for in relation to that individual; and
  • you do not hold more information than you need for that purpose.

So you should identify the minimum amount of personal data you need to properly fulfill your purpose. You should hold that much information, but no more. This is part of the practice known as “data minimisation”.

Please read our Conditions Of Use before registering; here.

Tenant History Report

Tenant History Report


  1. Pingback: 'Judge not, lest ye be judged!'

  2. Pingback: Tenant gets slashed with his own keys!

  3. Pingback: Tougher action to tackle troubled families.

  4. Pingback: Sussex trust receive highest penalty for ICO breach. |

  5. Pingback: Islington Council breach tenants data protection rules. |

  6. Pingback: Private Rented Sector VS Crime.

  7. Pingback: Shares in Facebook go on sale

  8. Pingback: We all want good neighbours, social referencing helps you get them. |

  9. Pingback: Trading data scandal revealed tonight. . . |

  10. Pingback: Increasing number of cannabis farms being detected. |

  11. Pingback: Wonga borrowers sign away their data protection rights. |

  12. Pingback: Gateshead | Tenant Referencing - The Future. |

  13. Pingback: Can You Trust Your Landlord With Your Personal Details? | Bright Green

  14. Pingback: March welcomes Landlord Referencing's first million+ website traffic hits. |

  15. Pingback: Increase of small businesses using online directories to boost their Search Engine Optimization. |

  16. Pingback: Let's put the social back into social media. |

  17. Pingback: Tenant Credit Referencing | Landlords Services Business Directory

  18. Pingback: You can buy a 49p burger but then you gotta eat it. |