Ensuring Legitimate Sources

Information can be power, but with great power comes great responsibility, especially when it comes to handling confidential information. 

This article is a reminder of the importance of ensuring you use personal information ethically and legally. 

Understand the Risks

 Unauthorized access to confidential information can lead to serious legal consequences. It breaches ethical boundaries and violates Rules set forth by RECA, guidelines of the Office of the Privacy Commissioner, provincial legislation such as the Personal Identification Protection Act (PIPA), and the legislation of other regulatory bodies.  

Unauthorized access may not always be exactly what it sounds like. It’s not necessarily about stealing personal information or hacking into databases without permission (although of course, those acts are bad, too). Sometimes it’s  online information found on a third-party website. Is permission required to use this information? The answer is almost always, yes.  

Take, for example, a recent incident where a broker contacted RECA regarding a client who received an email to their private address from a licensee who did not have legitimate access to the information. The licensee had not been given the email directly and did not have consent to use it. Upon inquiry, the licensee admitted to using a third-party service to obtain the email address. This example underscores the importance of obtaining consent. Even if the information is accurate, you shouldn’t use it if you do not have permission. 

What is Personal Information 

In general, the information in question must be about an individual or lead to the identification of a specific individual for it to be personal and protected. 

Common sense examples of identifiable information include, name, home address, home phone number, e-mail address, business address, and names of associates and family members. Information “about” an individual is identified as relating to or concerning the person. This includes banking information, transaction histories, mortgage and real estate documents, emails, and text messages. Basically, if the information permits or leads to the possible identification of an individual, then that information is deemed personal and safeguarded. 

The information does not need to be recorded to be considered personal and protected. If the information is identifiable to an individual, its communication method is irrelevant. The information could be communicated via email, written document, or a telephone conversation. Personal information passed through a conversation may also trigger a breach of Real Estate Act and its Rules. 

Publicly Available Information

The public availability of information does not necessarily diminish its classification as personal or your obligations to protect that information. 

Meaningful consent is a core element of Canadian privacy legislation. The best practice is to obtain consent from the individual before disclosing any personal information. Consent is only valid when the individual understands what they are consenting to. 

The rule of thumb is that the information must be used with the same intent as it was collected. For example, if public information was collected on a trade website and intended to be used for that specific trade, then the information is protected, and its use is limited. 

Additionally, if private information is presented with publicly available information and the source permits the identification of a specific person, then all the information is considered private and protected.  

Best Practices 

First and foremost, consent must always be obtained. Whether it’s from clients, potential leads, or third-party sources, always ensure you have explicit written consent before accessing or sharing confidential information, such as an email or physical address, personal information such as a birth date, or a place of employment. Additionally, vetting your sources is crucial. Take the time to evaluate third-party services and only use trusted websites and resources. Always double-check the accuracy of the information directly with the source if it was obtained second-hand. Remember, just because information is available does not mean you can use it. It may still be protected under legislation and its use could be limited. 

Common Mistakes 

• avoid temptation to skip obtaining consent or access information through unauthorized means 
  be wary of your source 
• do not share information without obtaining informed written consent 
• sanctions and penalties can occur when information was obtained or shared without consent 

In the end, maintaining your integrity and safeguarding confidential information should be non-negotiable. By doing so, you not only protect the interests of your clients but also uphold the trust and integrity of the real estate industry. 

If you have questions regarding information sources or would like to discuss this topic further, please reach out to RECA’s Information Services team at info@reca.ca.