The absence of specific data protection clauses in real estate agreements often makes it difficult to prove data breach in the court of law. Homebuyers data is neither confidential for builders nor for apartment management third-party apps.
cross mature property markets around the world, an impression has gained ground that the real estate sector is also vulnerable to cyber attacks. A few years ago, US media reported that the company that managed the Brooklyn condominiums where cyber security expert Roman Sannikov lived, was hacked. The hacker locked down the property manager’s IT system and demanded the company pay a ransom to access them again.
This is not a solitary incident as far as data breach in the real estate industry is concerned. Cyber security experts are appalled that Indian buyers do not pay much attention to such situations and more often than not just shrug it off.
In India, it doesn’t require a cyber security expert to access data of homebuyers or for that matter those scouting for an apartment. It’s often the sales representatives or even people working with real estate firms who circulate the data at the cost of the buyers’ privacy.
Take the case of Rajat Mehta who resides in Noida. Ever since Mehta bought a ready-to-move-in apartment and moved in, he has been flooded with phone calls by brokers, who ask him whether he would want to sell his house at a premium or rent it out. When he asked the caller as to who had shared his number, the caller casually responded that it was given to him by the builder’s office.
When he registered his complaint with the estate manager, he was informed that the sales team had already sold the apartment to him and the buyer was responsible to deal with such calls.
I was once having coffee with a mid-sized developer in Delhi-NCR and a broker. During the conversation, the broker advised him not to advertise the newly launched project but pay him additional commission for sharing data of buyers looking for property.
When I inquired further, I found that this was not a simple data breach. I found out that the person attending to the enquires from prospective buyers was actually hand-in-glove with a few brokers and that data of prospective home buyers was changing hands for a price.
I also found that it is not just the developers’ team responsible for data theft, the estate management third-party apps are equally guilty of sharing not just the apartment owners’ details but also that of his entire family.
Model Builder Buyer Agreement
Can homebuyers take legal recourse to protect themselves from such pesky calls and protect their personal data from being circulated? Advocate Devesh Ratan says their data will be protected once the Data Protection Bill that is pending in Parliament is passed. As of now, there are some provisions under the Information Technology Act, 2000, vis-à-vis the safety of sensitive personal data.
“You can file a criminal case against the person who has illegally accessed your personal data. But basic data such as name, phone number, email id, etc., are not covered under sensitive data. Currently, the law does not prohibit access to basic data. But as a general principle, if I am sharing my data with someone for a specific reason, there is an inherent understanding that it would not be leaked and that I can sue him if it is. But to prove that data has been leaked is not easy,” says Ratan.
Venket Rao, legal adviser with UP RERA, says that even though there are enough laws dealing with data protection, this provision is never clearly mentioned in the Booking Form or the Builder Buyer Agreement. Hence, one finds data being shared across sectors, be it insurance, banking or real estate. Confidentiality clauses are not generally respected.
“I think, even the proposed Model Builder Buyer Agreement has not looked into this grey area. There must be an inherent clause in the agreement itself to safeguard buyers. It should be like a confidential KYC (Know Your Customer),” says Rao.
Does this data breach affect the industry at large? Or is it a case of buyers’ harassment alone? A managing director of a realty firm requesting anonymity admitted that this is not only unethical but also costs a fortune to developers as their potential client list is often compromised. Often builders have the same set of potential buyers and that defeats the whole purpose of a client list.
To sum up, the absence of specific data protection clauses in real estate agreements, often makes it difficult to prove data breach in the court of law. Homebuyers data is not confidential, neither for the builders nor for the apartment management third-party apps, but it remains to be seen if the Model Builder Buyer Agreement will finally end this practice.
