If you are a property manager or landlord you will handle personal information, not only from existing tenants but also from prospective tenants during the rental process. Whilst collection of this sensitive information is essential for robust tenant referencing it is because of the nature of the information that becoming a target of identity theft is a realistic risk.

Under the GDPR (General Data Protection Regulation) anyone collecting personal information will be liable for its safekeeping and protection against theft. Unfortunately, when such data is targeted identity thieves will often take more than just one individual’s information which can lead to hefty fines. It is therefore crucial to take appropriate measures to safeguard any personal information provided by prospective, current and past tenants.

Assuring Tenants

More and more people are becoming concerned about how their personal data will be handled. Communicating the safeguards in place will help tenants at all stages of the process to feel more comfortable in releasing information.


Identity thieves often use several approaches to illicit personal information. Here are some considerations for securing tenant information: -

Computer protection: -

Ensure electronic attacks are avoided by password protecting your files and keeping your virus protection and firewall up to date. Avoid storing tenants’ information on laptops and other devices that are regularly used outside the office and could be easily stolen. If it is important that you have access to this information whilst out and about consider remote network access that will enable you to obtain the information you need form a central secure location.

Releasing information: -

Personal information should only be released to persons or organisations specifically authorised by the individual and should never be disclosed over the telephone, through the post or electronically unless the receiver’s identity has been confirmed as legitimate.

Proper disposal: -

Rubbish is a common target for identity thieves. Obsolete papers should be shredded or securely disposed of by professional security waste collectors to avoid theft of data in this way.

Tenant communications: -

Always try to include a little sensitive information as possible when communicating with tenants by post or electronically. It this is not possible, always do the best you can to ensure that it reaches the tenant in a secure fashion. Outgoing post should go to secure collection boxes and electronic communication should only be used when there are security measures in place to prevent public access.

Employees: -

It is important to take great care with hiring decisions to prevent employee theft or leaks. Employees should not have carte blanche access to all records but only those that apply to their work. If any employee leaves for any reason, it is vital to ensure that access to any sensitive information is immediately revoked.

Initiating a plan that regulates how your organisation deals with tenant information will help keep your tenants safe while at the same time protect your business from liability.

Additional protection: -

Whilst you can’t be held responsible as to how the tenants themselves protect their sensitive information there are some measures you can take to help: -

Consider individual post boxes that require a key to access.

Consider keeping rubbish bins in fenced in or enclosed areas to prevent it being rummaged-through, this will also help to prevent non-tenants from using tenant’s bins.

For insurance advice

click here