The Information Commissioner’s Office (ICO) has published advice to help housing associations comply with data protection law.
Housing organisations have a legal responsibility to protect residents’ data (picture: Alamy)
Sharelines
The UK data protection regulator explained that it was issuing the advice after it had received “a number of complaints” from residents who had been “failed by poor data-protection practices” from their landlord.
These complaints included inaccurate record-keeping, or necessary repairs being refused due to a misunderstanding about data-sharing.
The ICO said that poor data-protection practices were more likely to harm residents who required extra support due to factors such as language barriers, health or history as a victim of domestic abuse.
The data watchdog highlighted the Housing Ombudsman’s recent report into Rochdale Boroughwide Housing, which identified record-keeping and data accuracy as key areas for improvement.
Failure to do so could put residents at risk, which could have serious consequences, such as distress, discrimination, identity theft or physical harm.
Personal data must only be disclosed when it is necessary and appropriate. In one case, the ICO said it had not been necessary for an association to share information about a complaining resident’s health with a legal advisor who was considering the merit of the complaint.
The resident was so distressed by the experience that he felt he could no longer trust the housing association and had to seek accommodation elsewhere. If the landlord had already had appropriate staff training in place, this situation could have been prevented, the ICO said.
At the same time, data protection laws should not be used as a barrier to sharing information to support residents when this is needed.
In another case, a housing association refused an information request from a resident relating to a repair following a leak in a neighbouring flat. Staff cited data protection law for the refusal and the resident was unable to carry out the repairs to her property in a timely manner, which resulted in additional damage and expense.
This information should have been provided, said the ICO, as the resident did not request any personal data, only information that would allow her to plan her own repairs.
The ICO also highlighted the need for good records management and called on landlords to ensure that all staff were properly trained in their organisation’s data-protection obligations and were aware of internal processes for handling any queries about personal data.
This includes keeping an accurate record of contact with residents and informing them what information about them is being collected and the purposes for which this might be used.
A data protection officer should also be appointed if the landlord is a public authority under Freedom of Information legislation, the watchdog explained.
A Housing Ombudsman Spotlight report in May described poor data and record-keeping across the sector as “ubiquitous” in a way that was causing daily detriment to residents.
Sign up for our daily newsletter
