UNSW City Futures Research Centre Senior Research Fellow Dr Chris Martin said renters were being asked to provide personal information “with arguably not a whole lot of purpose behind it” when applying for a rental home.

This put them at risk of a “devastating” cyber attack following recent breaches at Optus, Medibank and Real Estate transaction platform RealtyAssist.

MORE: Homeowners fork out thousands in hidden costs

How rent crisis could backfire for landlords

In addition to standard requests for multiple identification documents, bank statements, utility bills, employment details and rental history, some tenants are also being asked to show social media accounts, pet profiles and self-funded background checks as part of the rental application process.

Dr Martin said the collection of such information left renters vulnerable to identity theft, with individual landlords and some smaller agencies not covered by the Australian Privacy Principles (APP) which govern the management of personal information collected.

Those that are covered by the APP can collect information that is deemed “reasonably necessary” which Dr Martin said leaves a lot of room for interpretation.

“If it’s argued their function is to assess the best candidate for tenancy, then there could be quite a broad scope to argue they can legally collect substantial personal information to do that.” he said.

He said tenancy laws in most states and territories place few restrictions on the type of information agents can collect, with the lack of regulation in place posing an issue.

Recent amendments to the Victorian Residential Tenancies Act restrict landlords and agents from asking tenants about previous disputes with renter providers, bond history, bank statements with daily transactions or information about protected attributes under discrimination law.

In October, real estate platform RealtyAssist fell victim to a cyber attack which saw some sensitive and personal information collected by The Agency, Century 21, LJ Hooker, Laing+Simmons, SLP Agency and Absolute Estate Agents made publicly available.

This included the names and contact details of some customers as well as property contracts and DocuSign Envelope ID numbers.

Dr Martin said the rental sector should be reviewed in order to rebalance the “asymmetric” power dynamics between landlords and tenants, adding that invasive questioning also posed a problem for housing access.

“Questions about source of income, social security recipient status and whether you’ve applied for social housing can be used to deny you a tenancy, and it’s not unlawful and not regulated in any jurisdiction,” he said.

He suggested the introduction and implementation of a standard prescribed tenancy application form as well as the regulation of landlords through registration and licensing requirements that would see them undergo basic training on their responsibilities and obligations to tenants.

“We could have a standard form for tenancy application that asks a reasonable number of relevant questions, and not the unreasonable, intrusive and risky questions landlords and agents may be asking now,” Dr Martin said.

MORE: Every suburbs’ rental costs, compare for yourself

Cheaper options for Sydney renters revealed

Sydney rents soar at fastest rate ever

Originally published as Calls for widespread rental reform to protect against cyber attack