Contact Consumer Protection
Tel: 1300 30 40 54
consumer@demirs.wa.gov.au
See all Consumer Protection office locations
9 December 2022
In light of recent Optus and Medibank data breaches, the Department of Energy, Mines, Industry Regulation and Safety – Consumer Protection Division (Consumer Protection) has noted questions about the responsibilities of property industry professionals when it comes to collection and storage of personal information.
Avoiding a similar incident comes down to the security of your business’ systems and practices, including the appropriate management of personal information.
Settlement agents will find themselves collecting personal information in the course of business. This bulletin will outline verification of identity (VOI) requirements and any requirements/recommendations for protecting this information.
The Settlement Agents Code of Conduct 2016 (WA) (the SA Code) requires settlement agents to identify their clients as soon as possible before settlement takes place. The requirements of the SA Code are complemented by the Verification of Identity and Authority Practice (the VOI practice) issued by the Western Australian Registrar and Commissioner of Titles.
The VOI practice applies to nominated electronic and paper-based land transactions. Electronic conveyancing is now the standard settlement process in Western Australia.
The VOI practice for electronic transactions (including conveyancing) is set out in the WA Participation Rules Version 6 (the Participation Rules). The Participation Rules require settlement agents to take reasonable steps to verify the identity of the seller and buyer of land.
The Participation Rules require evidence supporting the verification of identity, such as certified copies of identity documents, to be kept for at least seven years after lodging the instrument (document, form etc.) the VOI was required with Landgate.
The Registrar and Commissioner of Titles strongly recommends that any certified copies of identity documents are kept in a secure manner to prevent misuse.
If your business has an annual turnover of more than $3 million, it is covered by the Privacy Act 1988 (Cth) (the Privacy Act) which means you must comply with the Australian Privacy Principles.
An organisation covered by the Privacy Act can only collect personal information that is reasonably necessary for its work. The Privacy Act also requires businesses to protect information while they have it, and to destroy or de-identify it when it is no longer required.
A small business is able to ‘opt in’ to the Privacy Act to improve confidence of its customers.
The Australian Competition and Consumer Commission recommends the following steps to avoid scams:
ACSC:
Office of the Australian Information Commissioner:
Disclaimer: This bulletin contains general information obtained from internal and external sources to the Western Australian Department of Energy, Mines, Industry Regulation and Safety. While we use our best endeavours to ensure the information is correct and current at the time of publication, changes in circumstances after that time may impact upon the accuracy of the material. The department takes no responsibility for any error, omission or defect therein. It is your responsibility to ensure the information is still correct when applying it to your situation in the future, including seeking independent professional advice.
Last modified: