• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Search Archive
  • Home
  • Research
  • Magazine
  • Events
  • Recruitment
  • Blog
  • On Demand
  • Contact
Home / Magazine Articles / Data protection – Does it really apply to us?

Data protection – Does it really apply to us?

For housing providers, storing significant amounts of personal data is now the norm. Much of it is a natural response to the challenges thrown at the sector over the last few years, such as welfare reform and universal credit, as well as identifying protected characteristics to ensure that we are offering a fair service that reflects diversity among our tenants.

We are typically well-run businesses with good governance. I would say the majority of housing providers want to do the right thing, understand their obligations, employ internal auditors, have policies in place for everything and have the benefit of quite simple business models. So, surely we are all ‘acing’ those data protection principles then?

Well, no. The sector has always had a ‘we know you’re there but if we don’t make eye contact, you’ll leave us alone’ relationship with the Information Commissioner and a ‘does that really apply to us?’ attitude towards the Data Protection Act 1998. Why? Well. I have a theory about why the sector is generally not as hot on data protection as it should be.

The first reason is housing management systems. They just don’t have the tools within them to handle the existing principles that came into force 16 years ago. You would think that by now we would have the appropriate controls within those systems to manage data retention, ensure appropriate consent is recorded, handle data subject access requests and allow the secure transit of data to other parties.

The second reason is attitude. We just don’t care that much about it as businesses. Only IT people tend to get worked up about it and everyone else just wonders why they are getting so animated. It isn’t difficult to resolve this one; making everyone aware of data protection legislation is an absolute must and the ICO would expect annual refresher training to be mandatory. You should use this as a mechanism to drive the data protection agenda in your organisation.

More importantly, there is the causal link. The systems are not compliant because we don’t think it’s that important. Also, because the systems are not compliant, we don’t want to draw attention to that. One of the best things I’ve done is to implement privacy impact assessments (PIA) for new systems, processes and policies. Rather like when you get to see how clean your teeth really are, a PIA is a nice big disclosing tablet which shows you how you can provide privacy and comply with the DPA. It is also worth mentioning that if you do one of these as part of your next IT tendering process, you’ll be amazed at the discussions you will have.

Typically, to get change requires a catalyst. The good news is there is a catalyst in the near future which will allow you to up your game.

As Father Christmas was starting to prepare his Christmas deliveries, the three institutions that form the EU (parliament, commission and council) reached their tripartite agreement on the new General Data Protection Regulation (GDPR), a replacement for the 1995 directive that most of you will recognise as the Data Protection Act 1998.

The EU realised that a single harmonised framework for data protection was the way forward, replacing the patchwork quilt of legislation for each country that met the minimums of the 1995 directive, but also reflected the very specific attitudes of the each country.

The new agreed texts will now go back to the council and the parliament for ratification. Once the final text has been translated into all of the EU languages, it will be formally signed by the presidents of the parliament and the council and then published in the Official Journal.

It should be in force from 2018. I won’t bore you with lots of detail; you can look it up online (make sure you read the latest text agreed in December 2015) or engage with one of the data protection consultants in the sector. What you can’t afford to do is to keep your head buried in the sand.

Hopefully, we all have finance departments; teams of people who specialise in understanding where money enters the business in the form of income, what it does while it’s there, and where it leaves in the form of expenditure. Transactional data is recorded and reconciliations are carried out to ensure that we can all comply with accounting practices. Why? Money has a value.

Well, information has a value too. It has a value to the person whose data it is. It also has a value to the business. Indeed, if the value of the data is zero, we shouldn’t hold onto it. So, why not track it and ensure that it still has value? The new regulations tighten up on ‘consent’ to the point where we will have to start tracking personal data. When a tenant fills out a form, we need to record that data along with some metadata that says that it came from a particular form that we received on a certain date, that they gave explicit consent and that we said we would store it for a certain amount of time or delete it once it was worthless to us. We need the record keeping because if we fail to record things, we could be liable to a fine of 2 per cent of our turnover. Can you think about how you would record this metadata for each element of data, or even type of data, in your housing management system?

Well, if we apply the right amount of pressure to housing management system providers, then we will get the tools to manage information in that way, to start thinking about it as a valuable entity, just like the money. After all, you wouldn’t buy a housing management system that couldn’t handle income correctly. So, we need to ensure that they will work with the new regulations and that they support us. I would urge user groups for housing systems to start discussing this as soon as you can to provide a set of standard requirements for them to implement in their systems.

In the meantime, start to think about data protection in everything you do. Privacy impact assessments are a great idea to help you do that and you could start doing these now. Start now, but start small. You could do risk assessments on your contractors to see how good they are at data protection. There are lots of useful resources on the ICO website (ico.org.uk) or you could go to one of the data protection consultancies in the housing sector.

Paul Rowley is head of information services at Havebury Housing Partnership.

See More On:

  • Housing Association: Havebury Housing Partnership
  • Topic: General News
  • Publication Date: 050 - March 2016
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Free cyber-defence tools from NCSC
  • Learning from history
  • Grand Union Housing gets connected with Aico HomeLink
  • The silences in the system: Predicting and preventing damp and mould
  • Looking back and to the future: Cyberthreats in social housing
  • Hyde signs repairs contract with Totalmobile
  • Fuelling high performance automation
  • Morgan Sindall’s Carbon Zero decarbonisation tool
  • An ethical approach to arrears
  • Housing and the ever-evolving workplace
  • Supporting residents with home safety risks
  • Less innovation & more service design at RHP
  • Ateb Group outsources IT help desks to Central Networks
  • Capital Letters partners with Evo Digital to tackle homelessness
  • Calico appoints M247 for digital transformation
  • 24/7 care requires 24/7 technology
  • Govtech trends for 2023
  • Are you ready for business process automation?
  • Lincoln council moves to the cloud with Civica
  • Why do IT business improvement projects fail?
  • Flagship and Ebrik launch augmented reality app
  • Following the golden thread
  • Setting the standard for carbon-monoxide protection
  • The business case for data
  • Digital twins – When, not if…
  • Using data to build communities
  • The cyber-security jigsaw’s missing piece – Managed detection & response
  • Cyber-security challenges in housing
  • Digitalising retrofits with SHDF & HomeLink
  • Tips for improving care and support

Footer

Housing Technology
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Blog
  • Search All Articles
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2022 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293

htc23 pop banner