Earlier this year, in a series of blogs on The Void, Johnny Void highlighted the work of the Landlord Referencing Service, a business run by a landlord called Paul Routledge; a man who enjoys mocking former tenants with mental health conditions. Here is how the company functions (quoting from Johnny’s original blog on the subject):
“The company requires landlords to give tenants a form in which they are expected to sign away their Data Protection rights in order to gain access to a home. They claim this means that that their grubby scheme is legal, yet the kind of personal information they hold and encourage landlords to share is clearly skirting unlawfulness. Any landlord passing on information about someone’s alleged drinking, drug use, or criminal behavior could find themselves sued for libel, and if they cannot prove this behaviour – and it’s difficult to know how they could – then they would lose. The company may also be breaking the law under Human Rights legislation which protects the right to privacy.
Just as importantly there is nothing to stop landlords reporting people as alcoholics or drug users out of spite or because they have religious views which mean they object to certain behaviour. Tenants themselves may never even know they have been libelled as they will simply be refused a property with no explanation.
Not content with digging around in the private lives of tenants, the company also acts a lobbying organisation for landlords with the aim of eroding tenant’s rights. The company seem to be in favour of illegal evictions, complaining that it is a criminal offence if a landlord violently evicts a tenant without a court order whilst tenants who struggle with the rent can only be pursued through the civil courts. No doubt they’d like to see the return of debtors prisons as well.”
Over the following days, Paul Routledge responded to the accusations laid against his company, decrying an anarchist conspiracy against him, revelling in the poverty and destitution he helps create and libelling Johnny in increasingly bizarre and abusive ways (much of which was recorded for posterity in a series of blog posts.)
After an anonymous user submitted a query to the Information Commissioner’s Office (ICO) in July 2013 regarding the ‘Landlord Referencing Services’, the ICO have responded, acknowledging concerns about whether the operation of this service complies with the requirements of the Data Protection Act 1998 (DPA) and stating:
“A database containing information relating to tenants such as rent arrears, the condition of the property, tenant behaviour or any other issues relating to tenants which will be shared with other landlords must be accurate, proportionate and operated in compliance with the principles of the DPA. Tenants should be made aware that their information may be shared with other landlords in this way.”
The ICO have agreed to continue to monitor the company and may look into this matter further should they receive any future complaints from tenants directly affected by the processing of their data. It is, however, important for tenants on this database to register their concerns and complaints with the ICO before any action can be taken. Here’s the ICO’s enforcement action criteria.
Individuals who are concerned about their private personal data being abused are also encouraged to make subject access requests to the Landlord Referencing Service, so that they can confirm or deny whether they are processing your personal data, ascertain what information they hold about you, determine the purpose(s) for the processing of your personal data, find out who the recipients are, and where your personal data came from (sources, if available).
Here is a simplified guide to the Subject Access Request (SAR) process:
- Have a quick read of the company’s privacy policy. The Landlord Referencing Service’s privacy policy isn’t clearly displayed on the website, but you can find it here. Also, the privacy policy does not provide a contact for managing SARs, so you will have to use the contact details they have provided on their ‘Contact Us’ webpage – the difficulty in finding the privacy policy, together with it’s inadequate content raises data protection issues in itself.
- Every communication with them should be recorded with accurate contact, date and time logs because if you choose to make a complaint to the ICO, they will request chronological evidence of the nature and scope of your complaint.
- Since the company doesn’t provide any information about SARs, and given that it does not offer an email address for contact, you should call the number listed on the ‘Contact Us’ page to ask about their preferred method for making a SAR, and whether they charge a fee (in most cases no more than £10 is chargeable). Once they have clarified this, submit a request in writing to them. Submitting a written postal request with a cheque is usually easier, unless the company has a direct debit system, waives the fee and/or provides an email address for the SAR.
- The company can request information verifying your identity and that which assists the company in locating your personal data. Be careful that they don’t delay in fulfilling your request, or take liberties here.
- The time limit for the company to respond to the SAR is 40 calendar days. This starts when they receive your request, unless they have requested further information from you to assist in verifying your identity or the location of the personal data at which point the 40 calendar days will start once they have received that information.
- The information provided in the SAR, once the company has responded, should provide a copy of your personal data that they hold at the time of the request. It should also be intelligible, meaning that codes should be explained.
- You should also be aware that many complicated exemptions exist for SARs to certain organisations. For example, where secret processing is being undertaken and some cases where personal data is being processed for crime & taxation purposes. It is, however, unlikely that these exemptions will apply for the Landlord Referencing Service.
- You cannot use a SAR to reveal the identity or to access a copy of the personal data relating to another as, without the company obtaining the consent of the third party, they are likely to find the disclosure of that information to you ‘unreasonable’ (unless there is a public interest, a statutory obligation, or the third party is deceased).