Civica’s Executive Director, Housing & Asset Management Jeff Hewitt looks at the results of a recent survey into privacy policies for housing associations ahead of the 2018 GDPR legislation
Today’s housing associations provide a vital service to citizens, whether via small independent charities or multi-disciplinary groups; and when it comes to the collection and storage of extremely sensitive data, housing associations often hold vast amounts of records about both their clients and the communities they support. As well as general contact, tenancy and financial information, this data can include details on people living with a disability, as well as information on elderly or vulnerable people .
Equally, housing associations operate in a complex environment. They often provide additional services to tenants, use external contractors as well as collecting information digitally. This can mean that it’s far too easy to share sensitive data across different organisations and departments without recognising the legal implications, and even increased risk of data being lost or hacked.
GDPR: Ready or not
Regardless of Brexit, housing associations in the UK will be subject to the General Data Protection Regulation (GDPR) from May 2018 – legislation which will be strictly enforced. At its core, the regulation brings greater accountability and transparency for all organisations which collect, store and analyse personal information. The balance of power is shifting back to citizens, giving them greater control and re-enforcing their ‘right to be forgotten’ – which creates new obligations for organisations.
Our research looked at a number of key measures of how the current privacy policies of the studied housing associations measured up. Here are some of the key findings:
• A staggering 99% of housing associations do not mention profiling in their policies, while under the GDPR, it should clearly state how collected data is used to create profiles.
• Only 52% of privacy policies scrutinised showed a clear reference to sharing of data; a practice which is highly likely to occur in housing associations.
• Looking at how long data is kept on record, the vast majority (96%) do not mention details; but under GDPR it will be essential to consider how long we retain data and verify this period has been considered and documented.
Complying with GDPR will inevitably involve increased work, time and cost in implementing strategies and processes to comply. Yet, if done in the right way, the opportunity it creates to build or strengthen trust could well outweigh these issues. Now is the time to not only protect your organisation, but also go a step further; to truly build and deepen trust with your tenants.
To download the full research report, visit www.civica.com/housing or join the debate on GDPR: Ready or not at www.civica.com/gdpr