Warning Sounded as Cybersecurity Penalties Ramp Up

Australia is upgrading strict data privacy laws and regulations.

Breaching these laws will result in hefty penalties and the immediate loss of brand reputation.

Unfortunately, many developers and agents use legacy systems that provide limited security of client data. So, what can you do? Is there a comprehensive solution available?

“The continued use of legacy sales tools and processes puts developers and builders at new levels of risk,” the managing director of SaleFish AU Tony Tadros said.

The pandemic has revealed that ad hoc tools such as email, texts, chats, and other single-task software used on personal or company devices are simply not secure.

The improper handling, collection, and storage of personal data is the leading cause of most data breaches.

The only option is a fully integrated, secure end-to-end platform sales system that comprehensively addresses the above issues.

There are three pillars of cyber security. They are:

Technical controls

Preventing the compromise of confidential information

This includes strict and auditable hardware, software, and access controls

Policies and procedures

Ensuring no interceptions are made that put your company or your clients at risk

These controls cover all scenarios (In office, remote, and use of personal devices)

People

Preventing the loss of Personal Identifiable Information (PII)

Preventing the fraudulent use of your payment data due to a breach of data

Kinds of personal information involved in breaches: all sectors

^{^ Source: OAIC}

According to the Office of the Australian Information Commissioner (OAIC), this graph depicts that contact information (name, address, phone number, etc.), identity information (driving licence, passport details), and financial details (banking details, credit card numbers) take the top three spots.

Legacy systems and process risk examples

The current processes and legacy systems do not protect your client’s data. Sellers now face new penalties when they fail to protect their client’s privacy and personal data.

Real-world examples that have led to data breaches in Australia include:

Manually completed reservations or Expressions of Interest (EOI’s) include PII, such as photos, driver’s licence, or passport.

Agents often collect buyers’ data manually, using inefficient and insecure ad hoc processes (mobile phones, emails, etc) to developers and other parties

Legacy platforms often do not move past the reservation or EOI forms, exposing developers, agents, and purchasers to privacy breaches.

Buyers entrust agents with their contact information, credit, and income details to fill out on their behalf via the limited legacy reservation or EOI forms to secure a purchase. 

Last year, human error data breaches accounted for 30 per cent of all data breaches, according to the AOIC.

Agents have accidentally shared confidential data, posted personal data online, or left it lying around in offices.

Breaching privacy laws in Australia can put you and your company at risk of receiving significant penalties (up to $2.1 million and $10 million for repeated breaches) and even jail.

Hence it is paramount to understand obligations and responsibilities under the new Australian privacy laws.

So, what can be done?

The post-Covid scenario is different for every industry, and the real estate industry is no exception when it comes to data collection and information security. The critical steps required to protect you from cyberattacks and data breaches may include:

Review all policies and procedures that govern how personal data (PII) is collected and stored in your organization

Periodically audit your IT security policies, technical controls and infrastructure to ensure it keeps up with the evolving threat landscape.

Conduct regular employee training on identifying and responding a cyber incident.

Finally, real estate agents and developers dispose of legacy systems to more advanced solutions that provide comprehensive data security.

▲ Australia is upgrading strict data privacy laws and regulations—for the property sector, it means the processes of yesterday won’t cut it today.

Why SaleFish?

SaleFish is Certified as Cyber Secure by Cyber Essentials Canada, which is on par with the GDPR federal government certifications offered in the UK, EU, and the US.

These countries are working on bilateral agreements to enable these certifications to be recognised in each region as an equivalent certification.

SaleFish includes a best-in-class four-factor authentication solution to ensure a robust security posture.

Australia has not yet implemented a Cyber Security Certification on par with Cyber Essentials. However, the ACSC (Australian Cyber Security Centre) strongly recommends implementing MFA (Multi Factor Authentication). Hence, you can be assured partnering with SaleFish puts your organisation at the top of the secure data global standards.

SaleFish Software is a global market leader in the property space with the proven capability to generate contracts for the chosen property, derived from real-time stock lists, and steps all parties through an innovative digital workflow to eliminate any risks to buyers, property agents, and developers.

Here’s how SaleFish’s solution works.

The buyer, agent, or both pick out the home or property of their dreams

Then we biometrically authenticate the buyer’s identity to their government ID, including an international fraud list review, and populate the data directly into the sales contract eliminating human errors such as misspellings.

Our integrated one-touch digital signature solution instantly signs all of the documents where they are required and will process any electronic deposit as per the transaction requirements

After that, we securely email all parties with four-factor authentication (MFA or Multi-Factor Authentication) for enhanced security to access the contracts and necessary digital paperwork for everyone involved in the transaction.

In the end, SaleFish is the one-stop shop to enable your company to comply and follow the complex and ever-changing regulations cost-effectively.

The risks associated with data privacy when selling property development projects are significant in today’s unprecedented times of evolving cybercrime.

The lack of practical data governance and legacy systems are critical contributors to these risks. They may lead to undesirable outcomes, including financial loss, reputational damage, and regulatory penalties.

Therefore, real estate developers and agents need to implement a data governance framework that securely identifies and manages sensitive data to mitigate these risks.

The Urban Developer is proud to partner with SaleFish to deliver this article to you. In doing so, we can continue to publish our daily news, information, insights and opinion to you, our valued readers.