September 24, 2025 • 18 mins
Hosts Ciaran O'Brien and Peter O'Malley expose the hidden risk of insider threats in the real estate industry, where organised crime syndicates are placing moles inside agencies to access sensitive personal information. With data breaches costing consumers and businesses dearly, this episode highlights why protecting client data is now a frontline issue.
We also discuss:
- Criminals purchasing personal data through insiders for as little as $250
- Why real estate agencies are prime targets due to the volume of sensitive information they hold
- Underworld figures using clean associates to infiltrate legitimate businesses
- The need for both tech solutions and human vigilance in safeguarding data
- Harris Partners’ own security measures, including regular system checks and document shredding
- A real-world case of a departing agent downloading 6,000 client contacts, resulting in Supreme Court action
- The role of digital fingerprints in tracing potential breaches
- Ethical responsibility and self-interest driving better business protections
- Why consumers must be selective about the information they provide and regularly review what’s held about them
As always if there is a specific topic you would like for us to cover, please reach out and let us know!
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
All down, all silent, going, going, going, gone.
So congratulations.
Speaker 2 (00:07):
Welcome to the Current Market Insights podcast
brought to you by HarrisPartners Real Estate.
Each episode we chat with realestate author and industry
leader, peter O'Malley, todiscuss the current property
market conditions and provideinsights to assist you on your
property journey.
Speaker 3 (00:29):
Hello and welcome to another edition of Current
Market Insights.
I'm your host, kieran O'Brien,and with me is Mr Peter O'Malley
.
Peter, hello G'day, kieran,great to see you.
Great to see you again, peter.
I want to talk this week about atopic that's a bit, you know,
newish for us or a bit off-brand, I guess, compared to our usual
market discussions, but therewas an article published
recently in the Herald thattalked about something known as
(00:52):
the trusted insider, and itrelates heavily to data and data
security, which is a topic wehave talked a lot about before.
But the crux of it is that,basically, the article says
anyone can be gotten to, andthey're referencing the idea
that underworld figures andorganised crime etc.
Are gaining access to ourpersonal data, and one of the
(01:13):
avenues that they mention asbeing a regular source of
information for these groups isreal estate agencies.
So I thought really great topicfor us to talk about, given
that you and I both proselytizeabout data security and
integrity etc.
Uh, on the podcast, you know,as the years have gone on, I'd
really love to get your insightsinto this article, into this
issue, uh, whether you have anyfirst-hand experience with
(01:35):
anything like this or have heardanything about this, uh, and
really what it does kind of meanfor the industry overall look,
it was pretty concerning to readKieran, but it's heavy duty,
there's no doubt about it.
Speaker 1 (01:45):
So there's a quote here from a jailed crime boss,
as they've described him, and hesaid people give out their
information like free lollies towhoever when they sign up for
100 different services realestate listings, toll accounts,
telcos, real estate listings,toll accounts, telcos, streamers
(02:07):
, online shopping, loyaltyprograms it's held effing
everywhere.
Almost anyone can be gotten to.
You just have to have the rightconnections.
You can find them there around.
So, basically what the articleis saying the underworld have
tapped into all of thissensitive information that's
held on all of us in all ofthese vulnerable businesses, and
(02:29):
by that I mean is that a youknow a bank, for example, has
the financial ability toinsulate itself against leaks.
Notwithstanding, we discussed,probably two or three months ago
, the time that I had alegitimate call with ANZ, hung
up the phone and then got a callfrom you know someone highly
dubious, purporting to be fromANZ.
(02:51):
Having no one, I just had a chatwith ANZ and wanted to confirm
my personal data and I was likeman, this is well off, but this
is also frightening,sophisticated.
It's sophisticated becausesomeone inside ANZ has just
tipped you off that I've justhad a critical chat and now
you're, under the guise of justwanting to reconfirm personal
data.
That's frightening, and someonewho's less unsuspecting in that
(03:15):
moment could have quite easilyvolunteered information they
shouldn't have.
But when you get down to awayfrom major corporations and you
get down to humble businesseslike family-owned real estate
offices, the reality is is thatthey collect so much data
personal sensitive data ontenants, landlords, vendors,
(03:37):
property purchases and if theydon't adequately protect that
data, they're highly vulnerableto being hacked to an insider,
which is what this article istalking about a trusted insider
leaking information about peopleout there and selling personal
and sensitive information whichcan have wide, widespread
(03:58):
ramifications, which we all knowabout, if your credit card,
your home address, your of date,your driver's licence is being
leaked out there.
So a phenomenal issue.
The media are quite right indrawing attention to this and we
should be talking about it alot more.
Speaker 3 (04:15):
It's really interesting.
I remember you talking to meabout the ANZ thing and I don't
think at the time I ever puttogether that there might be
someone at the bank textingtheir buddy saying, hey, give
this guy a call, here's hisnumber because we've just dealt
with them right.
I think myself and many otherswould just assume that the real
risk to our data is cyber hacks,because that's what we hear
(04:36):
about.
You know, there's so much moneyand, as you say, the banks can
spend millions and millions ofdollars securing their networks
and their systems, but they'rereally other than you, other
than key loggers.
There are ways, but it's verychallenging to mitigate
someone's nefarious behaviourwhen they're on site with access
and they're in a trustedposition, where a real estate
office is a good example where,theoretically, anyone that works
(04:59):
in the agency could access dataif they wanted to.
Speaker 1 (05:02):
Well, let's go there.
We'll read some lines from thisarticle to give the listeners
exactly what's going on.
Yeah, Sure, Organised crimegangs have been placing moles
inside companies to gainprotected information that is
used to commit serious andviolent crimes, including
extortion, drug trafficking andattempted murder.
The infiltration of theseorganisations via workers such
(05:26):
as customer service and callcentre staff, real estate agents
and lawyers has been flagged asa significant threat by federal
and state law enforcementagencies.
The underworld has access tocompromised workers who sell
personal information for aslittle as $250 or have been
(05:47):
deliberately embedded insidecompanies specifically to leak
to criminal syndicates.
Speaker 3 (05:54):
Yeah.
Speaker 1 (05:55):
The information's been used to set up attempted
hits and bashings, runextortions and to create fake
identities used in a host ofcrimes.
And then you know the police goon to say in this that the
brass ring, according to lawenforcement and underworld
sources, is to infiltrate abusiness or department using an
(06:16):
associate, often a relative, whohas a clean criminal record and
is therefore above suspicion.
Land ownership and residentialaddresses can be accessed
through multiple differentcommercial information service
providers and government landtitles departments.
Speaker 3 (06:32):
Yeah, it's amazing the depth of infiltration.
You know you would think it'smaybe relatively easy to
infiltrate like a smallerbusiness or you know a
family-owned operation wherethey get access to data, but
it's also not as rigorous as Isay.
But you're talking about, likethe land title office and senior
government departments.
Like it's amazing that, uh,they're organized well, not that
they're organized enough, butyou know that's a long game,
(06:54):
right, that's a long play to getsomeone into a position where
they can access this data andthen utilize that down the line
yeah, but if you go to the localreal, to the local lawyer's
office, some of these othersmaller businesses that just
don't have the scale to havethis sort of protection and
regulation you know,self-regulation in place,
they're highly susceptible tothis so I mean, ultimately, this
(07:17):
is a really important topic,but what I mean, what, what gets
done about this as an?
okay.
So a question for you as anagency owner what are the steps
that you could?
You know, what do you do tokind of make sure that your,
your client, starter isprotected?
Speaker 1 (07:31):
well, as you know, from a from a digital point of
view, we we had a chat earlierin the year that we needed to
beef up in that space.
It was late one night when weyou know I just finished our
compulsory development courseand it was highlighting where
data goes and whether it be atan open house or someone
inquiring through domain orsomeone buying a house from you
(07:52):
is that we needed to stress testhow we managed our data, and
we've come up with an internalgame plan there about managing
passwords, changing passwordsevery time someone leaves the
business, wi-fi codes.
You know getting best practice,having our IT provider run
(08:15):
tests and stress testing oursystems is all part of it.
I don't pretend to be an expertin that space, by the way, but
certainly IT security is thenext big frontier for many, many
businesses.
There's no doubt In terms ofwhat we deal with in a tangible
(08:35):
manner.
As you know, kieran, there'sshredders right through this
office.
I want all sensitive documentsand have for the last 25 years,
sensitive documents shredded.
I don't want them put in arecycling bin.
So, for example, we do have arecycling bin and we have a
sensitive document bin, but wealso have shredders and anything
that's highly sensitive isshredded here and then taken
(08:56):
away.
So you just can't be too safe.
And you know I got ontoshredders when I read frank
abagnale's book yeah, rightbecause frank, frank frank said
if you're looking he just askedthe question you asked if you're
looking to protect yourselffrom people like who I was back
in the day, get yourself ashredder and shred everything.
Put nothing in the bin.
(09:16):
Put nothing in the bin anddon't rely on document
destroying companies, because,with respect to whoever we use,
whoever the next company uses,the person that comes to pick up
the bin Could be involved.
Yeah, who said they're clean?
So if it's highly, highlysensitive, as Frank Abagnale
said, the world's, you know,most prolific con man, let's say
(09:38):
I won't say greatest con man,for fear I'm venerating him, but
the world's most prolific conman is.
Speaker 3 (09:45):
He said the only way to protect yourself when it
comes to documentation is toshred, shred or burn so do you
think then, just from anindustry perspective and I you
know I asked that questionsomewhat loaded because
obviously I'm very well aware ofwhat you guys do here and I've
been involved in making surethere's a lot of data security
in your business but do youthink that there is a reasonable
(10:05):
argument to be made thatagencies like real estate
agencies could probably moveforward operating with less data
on clients that don'tnecessarily engage in a
full-fledged transaction?
Speaker 1 (10:17):
well look.
Um, yeah, possibly, but data isthe value that runs a modern
real estate office.
Yeah, so you know, we again inprevious podcasts have spoken
about agents that move firms andjust put the their database on
a usb stick and put it in theirpocket and walk out the door and
think that's normal yeah, yeahnow.
(10:38):
Could you imagine the uproar ifyour anz bank manager uh, quit
anz.
And said, no, I've got a betteroffer at National Australia
Bank, downloaded the databaseand then went across to the road
to the National Australia Bankand started calling the ANZ
customers.
The ANZ customers would be inuproar that their data had been
abused that way.
But that happens in the realestate industry every single day
(11:02):
of the week.
Speaker 2 (11:02):
Yeah.
Speaker 1 (11:03):
And with this new model that exists in the real
estate industry, where you'vegot what would you call it a
pack of salespeople workingunder a mothership brand, but
the pack of salespeople are allindividual companies that
operate independently from theagent next door to them or the
next desk to them.
(11:23):
They think it's their right tobuild this data up, which
they're entitled to do, and then, when it doesn't suit them
working under brand ABC and theymove across to brand XYZ, they
just download the data and takeit to the next company on them.
Now, a few years ago, we had arogue salesperson leaving the
(11:44):
company and I said to thegeneral manager he is going to
steal the database.
He said no, he won't.
I've spoken to him about it andI said he is going to steal the
database.
You were here then.
Speaker 3 (11:54):
Yeah.
Speaker 1 (11:54):
Yeah.
And he said no, mate, he gaveme his word, he wouldn't.
I said okay.
So I rang the marketing managerand I said has there been a
abnormal download on agent box,which is our crm?
And she said let me investigate, I'll come back to you.
The call came back 6 000contacts were downloaded
(12:14):
yesterday, which was the daythis salesperson left the
company yeah so we went.
We took him to the supreme courtand got an injunction and made
him sign a stat deck admittingto taking the data and giving us
the usb back and undertakingthat that was the only copy of
that data and that he would notuse any of it again.
Now he was leaving HarrisPartners to go and work at a
(12:36):
firm in Leichhardt.
Yeah, the firm in Leichhardtsaid to the general manager why
are you going so hard on thisyoung kid who's just trying to
get started on his real estatecareer?
He's not going to have muchsuccess with his starter anyway.
So there's a couple of thingshere.
The young kid didn't put the6,000 people in the database.
Salespeople and staff beforehim at Harris Partners did.
(12:59):
That was Harris Partners'intellectual property.
He had no right to take it.
It was flat-out theft, which iswhy, after putting up a feeble
fight, he folded like a tentbecause he realized that the
judge was going to, you know,hammer him, spear, tackle him.
Basically for what?
For what he'd done?
He didn't.
He didn't unsurprisingly,didn't last didn't succeed at
(13:21):
the leichhardt office.
Yeah, yeah.
So he's moved on again.
Yeah, but if we had allowed ourdata to go into their office?
Suddenly a competitor's got ourdata that did nothing to
deserve it in a differentmarketplace, and he's moved on.
So the principle of the firmultimately has to be vigilant
and aware of the risks, not justin the systems but in the
(13:44):
people.
It's not nice to say that, but,as this article in the media
says, here it's humans that areaccessing the database and
extracting the information out.
So when you say, what are youdoing to protect yourself?
Um, what are you uh doing tomake sure that this doesn't
happen?
Well, one one of the ways isthat when you start touching
(14:05):
things digitally, you leavefingerprints behind you.
Speaker 2 (14:09):
Yeah.
Speaker 1 (14:09):
And I will periodically do a check in our
database to make sure thatsensitive information hasn't
been accessed and downloaded,and that's one thing that all
agency principals should bedoing with regularity.
Speaker 3 (14:23):
Yeah, look, I'm really glad, just before we wrap
up, you answered that questionand I ask it again.
I'm intimately aware of whatgoes on in your agency, having
been involved in a lot of this.
But I ask because I, you know,for all of my time with you was
constantly running spot checkson the data, making sure that it
was secure, making sure, youknow, penetration testing, doing
(14:43):
whatever we could to make sureit was safe.
But this article reallyhighlights that the occasions
where you've had me check fordata breaches or any concerns
have been a gut feeling rightand it's picking up that human
element that the system.
You know, whilst there might bea fingerprint, there might be
some digital footprint somewherehidden in the mass.
(15:03):
At the end of the day, we maynever have checked had you not
just had a gut feeling about it.
And I think that's the importantthing is that you know client.
You know clients, consumersthey have a right to request
what data is being held and, andyou know, ensure that they're
happy with that.
But at the end of the day,businesses have a responsibility
to not just assume that theirlittle, you know, glorified
(15:23):
excel spreadsheet in a crm orwhatever they use is completely
infallible and that that data issecure.
That, at the end of the day,the owners have to be willing to
keep an eye on everything thatgoes on in the business and take
that data seriously for theirown business, but also the fact
that that's someone's privateinformation I think.
Speaker 1 (15:41):
I think the principle you're 100 correct here and the
principle has a duty of careand responsibility to the
consumer if they're takingsensitive information to protect
it.
Yeah, that's half of it.
The second half, which is lessnoble but equally wise, is who
wants to be involved in a PRdisaster like the big corporates
(16:02):
have, where they're hacked, andyou know, we know some of the
big companies that have beennamed in recent years.
I guess Optus was the biggerone where they're hacked and you
know, we know some of the bigcompanies that have been named
in recent years.
I guess Optus was the biggerone where they're hacked in
personal data.
Speaker 3 (16:13):
Oh, medibank I mean iCloud was hacked, like
companies that would seeminfallible from a digital
security perspective arecompletely fallible.
Speaker 1 (16:20):
So it makes.
It's no surprise, and it makessense, that criminals are now
going to smaller businesses thathave got equally nuanced and
sensitive data but nowhere nearthe protections in place,
because the big corporates arebuilding the brick wall higher,
so to speak.
Speaker 2 (16:36):
Yeah, it does make sense.
Speaker 1 (16:38):
Yes, I do it too as an act of good faith and good
management to protect people'sdata that we take.
But secondly, god, god willing,touch wood.
I don't want to be involved ina phenomenal pr disaster where
we're hacked and that data isused in a way that no one would
be happy with.
Ultimately, the consumer's gota role to play here, which is
(17:00):
what it goes on to say, which isyou know, stop being so free
with the information that youpass out look, I I acknowledge
that sentiment, but I think itis challenging.
Speaker 3 (17:09):
Right, there are some services where you have to
provide, uh, what seems like anexcessive information if you do
want to access services.
Uh, but at the same time, youknow they mentioned streaming
services and other things uh,there is a whole range of places
where you don't need to givethem your date of birth and your
address and your passportnumber and, you know, verify
your identity with three formsof ID and a bank statement, like
it's.
I think there could be agenerational shift.
(17:31):
You know, those that maybe wereborn after the advent of the
internet age and just use it areless aware of the risk, but I
feel like you know anyone in ourage bracket anyway, who was
there for the not the invention,necessarily, but the dawn of
the internet age has always beena little bit dubious.
You know, we were the first toquestion online shopping and
things like.
(17:52):
You know, not to say that wedon't engage in it, because of
course we do, but I think we'reentering a phase now where there
is a whole generation thatdon't see any risk.
We're just living their lifeonline in all facets and that is
dangerous.
Speaker 1 (18:02):
The risks are going up, not being more contained
100% they're going up not beingmore contained.
Speaker 3 (18:06):
They're going up A hundred percent.
Yeah, look really great chat,peter.
And, as you know, a finalreminder to any consumers out
there you do have a right tocheck on your data and you
should do it frequently and makesure that you're happy with
what's out there and if there'sbits that don't need to be there
, certainly request they comedown, because you know companies
in Australia will do that foryou, talking about an important
topic.
Thanks, kieran, all the best,all the best, and thanks to
everyone for listening toCurrent Market Insights.
(18:28):
We look forward to speakingwith you next time.
Speaker 2 (18:31):
Thanks for joining us on the Current Market Insights
podcast brought to you by HarrisPartners Real Estate, the
podcast providing real estateinsights you won't find anywhere
else.
All down, all silent, going, going, going, gone.
So congratulations.
Speaker 2 (00:07):
Welcome to the Current Market Insights podcast
brought to you by HarrisPartners Real Estate.
Each episode we chat with realestate author and industry
leader, peter O'Malley, todiscuss the current property
market conditions and provideinsights to assist you on your
property journey.
Speaker 3 (00:29):
Hello and welcome to another edition of Current
Market Insights.
I'm your host, kieran O'Brien,and with me is Mr Peter O'Malley
.
Peter, hello G'day, kieran,great to see you.
Great to see you again, peter.
I want to talk this week about atopic that's a bit, you know,
newish for us or a bit off-brand, I guess, compared to our usual
market discussions, but therewas an article published
recently in the Herald thattalked about something known as
(00:52):
the trusted insider, and itrelates heavily to data and data
security, which is a topic wehave talked a lot about before.
But the crux of it is that,basically, the article says
anyone can be gotten to, andthey're referencing the idea
that underworld figures andorganised crime etc.
Are gaining access to ourpersonal data, and one of the
(01:13):
avenues that they mention asbeing a regular source of
information for these groups isreal estate agencies.
So I thought really great topicfor us to talk about, given
that you and I both proselytizeabout data security and
integrity etc.
Uh, on the podcast, you know,as the years have gone on, I'd
really love to get your insightsinto this article, into this
issue, uh, whether you have anyfirst-hand experience with
(01:35):
anything like this or have heardanything about this, uh, and
really what it does kind of meanfor the industry overall look,
it was pretty concerning to readKieran, but it's heavy duty,
there's no doubt about it.
Speaker 1 (01:45):
So there's a quote here from a jailed crime boss,
as they've described him, and hesaid people give out their
information like free lollies towhoever when they sign up for
100 different services realestate listings, toll accounts,
telcos, real estate listings,toll accounts, telcos, streamers
(02:07):
, online shopping, loyaltyprograms it's held effing
everywhere.
Almost anyone can be gotten to.
You just have to have the rightconnections.
You can find them there around.
So, basically what the articleis saying the underworld have
tapped into all of thissensitive information that's
held on all of us in all ofthese vulnerable businesses, and
(02:29):
by that I mean is that a youknow a bank, for example, has
the financial ability toinsulate itself against leaks.
Notwithstanding, we discussed,probably two or three months ago
, the time that I had alegitimate call with ANZ, hung
up the phone and then got a callfrom you know someone highly
dubious, purporting to be fromANZ.
(02:51):
Having no one, I just had a chatwith ANZ and wanted to confirm
my personal data and I was likeman, this is well off, but this
is also frightening,sophisticated.
It's sophisticated becausesomeone inside ANZ has just
tipped you off that I've justhad a critical chat and now
you're, under the guise of justwanting to reconfirm personal
data.
That's frightening, and someonewho's less unsuspecting in that
(03:15):
moment could have quite easilyvolunteered information they
shouldn't have.
But when you get down to awayfrom major corporations and you
get down to humble businesseslike family-owned real estate
offices, the reality is is thatthey collect so much data
personal sensitive data ontenants, landlords, vendors,
(03:37):
property purchases and if theydon't adequately protect that
data, they're highly vulnerableto being hacked to an insider,
which is what this article istalking about a trusted insider
leaking information about peopleout there and selling personal
and sensitive information whichcan have wide, widespread
(03:58):
ramifications, which we all knowabout, if your credit card,
your home address, your of date,your driver's licence is being
leaked out there.
So a phenomenal issue.
The media are quite right indrawing attention to this and we
should be talking about it alot more.
Speaker 3 (04:15):
It's really interesting.
I remember you talking to meabout the ANZ thing and I don't
think at the time I ever puttogether that there might be
someone at the bank textingtheir buddy saying, hey, give
this guy a call, here's hisnumber because we've just dealt
with them right.
I think myself and many otherswould just assume that the real
risk to our data is cyber hacks,because that's what we hear
(04:36):
about.
You know, there's so much moneyand, as you say, the banks can
spend millions and millions ofdollars securing their networks
and their systems, but they'rereally other than you, other
than key loggers.
There are ways, but it's verychallenging to mitigate
someone's nefarious behaviourwhen they're on site with access
and they're in a trustedposition, where a real estate
office is a good example where,theoretically, anyone that works
(04:59):
in the agency could access dataif they wanted to.
Speaker 1 (05:02):
Well, let's go there.
We'll read some lines from thisarticle to give the listeners
exactly what's going on.
Yeah, Sure, Organised crimegangs have been placing moles
inside companies to gainprotected information that is
used to commit serious andviolent crimes, including
extortion, drug trafficking andattempted murder.
The infiltration of theseorganisations via workers such
(05:26):
as customer service and callcentre staff, real estate agents
and lawyers has been flagged asa significant threat by federal
and state law enforcementagencies.
The underworld has access tocompromised workers who sell
personal information for aslittle as $250 or have been
(05:47):
deliberately embedded insidecompanies specifically to leak
to criminal syndicates.
Speaker 3 (05:54):
Yeah.
Speaker 1 (05:55):
The information's been used to set up attempted
hits and bashings, runextortions and to create fake
identities used in a host ofcrimes.
And then you know the police goon to say in this that the
brass ring, according to lawenforcement and underworld
sources, is to infiltrate abusiness or department using an
(06:16):
associate, often a relative, whohas a clean criminal record and
is therefore above suspicion.
Land ownership and residentialaddresses can be accessed
through multiple differentcommercial information service
providers and government landtitles departments.
Speaker 3 (06:32):
Yeah, it's amazing the depth of infiltration.
You know you would think it'smaybe relatively easy to
infiltrate like a smallerbusiness or you know a
family-owned operation wherethey get access to data, but
it's also not as rigorous as Isay.
But you're talking about, likethe land title office and senior
government departments.
Like it's amazing that, uh,they're organized well, not that
they're organized enough, butyou know that's a long game,
(06:54):
right, that's a long play to getsomeone into a position where
they can access this data andthen utilize that down the line
yeah, but if you go to the localreal, to the local lawyer's
office, some of these othersmaller businesses that just
don't have the scale to havethis sort of protection and
regulation you know,self-regulation in place,
they're highly susceptible tothis so I mean, ultimately, this
(07:17):
is a really important topic,but what I mean, what, what gets
done about this as an?
okay.
So a question for you as anagency owner what are the steps
that you could?
You know, what do you do tokind of make sure that your,
your client, starter isprotected?
Speaker 1 (07:31):
well, as you know, from a from a digital point of
view, we we had a chat earlierin the year that we needed to
beef up in that space.
It was late one night when weyou know I just finished our
compulsory development courseand it was highlighting where
data goes and whether it be atan open house or someone
inquiring through domain orsomeone buying a house from you
(07:52):
is that we needed to stress testhow we managed our data, and
we've come up with an internalgame plan there about managing
passwords, changing passwordsevery time someone leaves the
business, wi-fi codes.
You know getting best practice,having our IT provider run
(08:15):
tests and stress testing oursystems is all part of it.
I don't pretend to be an expertin that space, by the way, but
certainly IT security is thenext big frontier for many, many
businesses.
There's no doubt In terms ofwhat we deal with in a tangible
(08:35):
manner.
As you know, kieran, there'sshredders right through this
office.
I want all sensitive documentsand have for the last 25 years,
sensitive documents shredded.
I don't want them put in arecycling bin.
So, for example, we do have arecycling bin and we have a
sensitive document bin, but wealso have shredders and anything
that's highly sensitive isshredded here and then taken
(08:56):
away.
So you just can't be too safe.
And you know I got ontoshredders when I read frank
abagnale's book yeah, rightbecause frank, frank frank said
if you're looking he just askedthe question you asked if you're
looking to protect yourselffrom people like who I was back
in the day, get yourself ashredder and shred everything.
Put nothing in the bin.
(09:16):
Put nothing in the bin anddon't rely on document
destroying companies, because,with respect to whoever we use,
whoever the next company uses,the person that comes to pick up
the bin Could be involved.
Yeah, who said they're clean?
So if it's highly, highlysensitive, as Frank Abagnale
said, the world's, you know,most prolific con man, let's say
(09:38):
I won't say greatest con man,for fear I'm venerating him, but
the world's most prolific conman is.
Speaker 3 (09:45):
He said the only way to protect yourself when it
comes to documentation is toshred, shred or burn so do you
think then, just from anindustry perspective and I you
know I asked that questionsomewhat loaded because
obviously I'm very well aware ofwhat you guys do here and I've
been involved in making surethere's a lot of data security
in your business but do youthink that there is a reasonable
(10:05):
argument to be made thatagencies like real estate
agencies could probably moveforward operating with less data
on clients that don'tnecessarily engage in a
full-fledged transaction?
Speaker 1 (10:17):
well look.
Um, yeah, possibly, but data isthe value that runs a modern
real estate office.
Yeah, so you know, we again inprevious podcasts have spoken
about agents that move firms andjust put the their database on
a usb stick and put it in theirpocket and walk out the door and
think that's normal yeah, yeahnow.
(10:38):
Could you imagine the uproar ifyour anz bank manager uh, quit
anz.
And said, no, I've got a betteroffer at National Australia
Bank, downloaded the databaseand then went across to the road
to the National Australia Bankand started calling the ANZ
customers.
The ANZ customers would be inuproar that their data had been
abused that way.
But that happens in the realestate industry every single day
(11:02):
of the week.
Speaker 2 (11:02):
Yeah.
Speaker 1 (11:03):
And with this new model that exists in the real
estate industry, where you'vegot what would you call it a
pack of salespeople workingunder a mothership brand, but
the pack of salespeople are allindividual companies that
operate independently from theagent next door to them or the
next desk to them.
(11:23):
They think it's their right tobuild this data up, which
they're entitled to do, and then, when it doesn't suit them
working under brand ABC and theymove across to brand XYZ, they
just download the data and takeit to the next company on them.
Now, a few years ago, we had arogue salesperson leaving the
(11:44):
company and I said to thegeneral manager he is going to
steal the database.
He said no, he won't.
I've spoken to him about it andI said he is going to steal the
database.
You were here then.
Speaker 3 (11:54):
Yeah.
Speaker 1 (11:54):
Yeah.
And he said no, mate, he gaveme his word, he wouldn't.
I said okay.
So I rang the marketing managerand I said has there been a
abnormal download on agent box,which is our crm?
And she said let me investigate, I'll come back to you.
The call came back 6 000contacts were downloaded
(12:14):
yesterday, which was the daythis salesperson left the
company yeah so we went.
We took him to the supreme courtand got an injunction and made
him sign a stat deck admittingto taking the data and giving us
the usb back and undertakingthat that was the only copy of
that data and that he would notuse any of it again.
Now he was leaving HarrisPartners to go and work at a
(12:36):
firm in Leichhardt.
Yeah, the firm in Leichhardtsaid to the general manager why
are you going so hard on thisyoung kid who's just trying to
get started on his real estatecareer?
He's not going to have muchsuccess with his starter anyway.
So there's a couple of thingshere.
The young kid didn't put the6,000 people in the database.
Salespeople and staff beforehim at Harris Partners did.
(12:59):
That was Harris Partners'intellectual property.
He had no right to take it.
It was flat-out theft, which iswhy, after putting up a feeble
fight, he folded like a tentbecause he realized that the
judge was going to, you know,hammer him, spear, tackle him.
Basically for what?
For what he'd done?
He didn't.
He didn't unsurprisingly,didn't last didn't succeed at
(13:21):
the leichhardt office.
Yeah, yeah.
So he's moved on again.
Yeah, but if we had allowed ourdata to go into their office?
Suddenly a competitor's got ourdata that did nothing to
deserve it in a differentmarketplace, and he's moved on.
So the principle of the firmultimately has to be vigilant
and aware of the risks, not justin the systems but in the
(13:44):
people.
It's not nice to say that, but,as this article in the media
says, here it's humans that areaccessing the database and
extracting the information out.
So when you say, what are youdoing to protect yourself?
Um, what are you uh doing tomake sure that this doesn't
happen?
Well, one one of the ways isthat when you start touching
(14:05):
things digitally, you leavefingerprints behind you.
Speaker 2 (14:09):
Yeah.
Speaker 1 (14:09):
And I will periodically do a check in our
database to make sure thatsensitive information hasn't
been accessed and downloaded,and that's one thing that all
agency principals should bedoing with regularity.
Speaker 3 (14:23):
Yeah, look, I'm really glad, just before we wrap
up, you answered that questionand I ask it again.
I'm intimately aware of whatgoes on in your agency, having
been involved in a lot of this.
But I ask because I, you know,for all of my time with you was
constantly running spot checkson the data, making sure that it
was secure, making sure, youknow, penetration testing, doing
(14:43):
whatever we could to make sureit was safe.
But this article reallyhighlights that the occasions
where you've had me check fordata breaches or any concerns
have been a gut feeling rightand it's picking up that human
element that the system.
You know, whilst there might bea fingerprint, there might be
some digital footprint somewherehidden in the mass.
(15:03):
At the end of the day, we maynever have checked had you not
just had a gut feeling about it.
And I think that's the importantthing is that you know client.
You know clients, consumersthey have a right to request
what data is being held and, andyou know, ensure that they're
happy with that.
But at the end of the day,businesses have a responsibility
to not just assume that theirlittle, you know, glorified
(15:23):
excel spreadsheet in a crm orwhatever they use is completely
infallible and that that data issecure.
That, at the end of the day,the owners have to be willing to
keep an eye on everything thatgoes on in the business and take
that data seriously for theirown business, but also the fact
that that's someone's privateinformation I think.
Speaker 1 (15:41):
I think the principle you're 100 correct here and the
principle has a duty of careand responsibility to the
consumer if they're takingsensitive information to protect
it.
Yeah, that's half of it.
The second half, which is lessnoble but equally wise, is who
wants to be involved in a PRdisaster like the big corporates
(16:02):
have, where they're hacked, andyou know, we know some of the
big companies that have beennamed in recent years.
I guess Optus was the biggerone where they're hacked and you
know, we know some of the bigcompanies that have been named
in recent years.
I guess Optus was the biggerone where they're hacked in
personal data.
Speaker 3 (16:13):
Oh, medibank I mean iCloud was hacked, like
companies that would seeminfallible from a digital
security perspective arecompletely fallible.
Speaker 1 (16:20):
So it makes.
It's no surprise, and it makessense, that criminals are now
going to smaller businesses thathave got equally nuanced and
sensitive data but nowhere nearthe protections in place,
because the big corporates arebuilding the brick wall higher,
so to speak.
Speaker 2 (16:36):
Yeah, it does make sense.
Speaker 1 (16:38):
Yes, I do it too as an act of good faith and good
management to protect people'sdata that we take.
But secondly, god, god willing,touch wood.
I don't want to be involved ina phenomenal pr disaster where
we're hacked and that data isused in a way that no one would
be happy with.
Ultimately, the consumer's gota role to play here, which is
(17:00):
what it goes on to say, which isyou know, stop being so free
with the information that youpass out look, I I acknowledge
that sentiment, but I think itis challenging.
Speaker 3 (17:09):
Right, there are some services where you have to
provide, uh, what seems like anexcessive information if you do
want to access services.
Uh, but at the same time, youknow they mentioned streaming
services and other things uh,there is a whole range of places
where you don't need to givethem your date of birth and your
address and your passportnumber and, you know, verify
your identity with three formsof ID and a bank statement, like
it's.
I think there could be agenerational shift.
(17:31):
You know, those that maybe wereborn after the advent of the
internet age and just use it areless aware of the risk, but I
feel like you know anyone in ourage bracket anyway, who was
there for the not the invention,necessarily, but the dawn of
the internet age has always beena little bit dubious.
You know, we were the first toquestion online shopping and
things like.
(17:52):
You know, not to say that wedon't engage in it, because of
course we do, but I think we'reentering a phase now where there
is a whole generation thatdon't see any risk.
We're just living their lifeonline in all facets and that is
dangerous.
Speaker 1 (18:02):
The risks are going up, not being more contained
100% they're going up not beingmore contained.
Speaker 3 (18:06):
They're going up A hundred percent.
Yeah, look really great chat,peter.
And, as you know, a finalreminder to any consumers out
there you do have a right tocheck on your data and you
should do it frequently and makesure that you're happy with
what's out there and if there'sbits that don't need to be there
, certainly request they comedown, because you know companies
in Australia will do that foryou, talking about an important
topic.
Thanks, kieran, all the best,all the best, and thanks to
everyone for listening toCurrent Market Insights.
(18:28):
We look forward to speakingwith you next time.
Speaker 2 (18:31):
Thanks for joining us on the Current Market Insights
podcast brought to you by HarrisPartners Real Estate, the
podcast providing real estateinsights you won't find anywhere
else.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.