Buyers Beware – The Privacy Risks When Investing in Property

John Curtin 13 Jul 2023

John Curtin lays out steps to protect clients’ privacy, reputation and security when investing in property.

Purchasing property is never a decision that should be taken lightly. Whether for personal use or as part of a portfolio, property is always a large and considered investment. Prudent advisors will therefore ensure rigorous due diligence is conducted to find out as much about the property as possible to confirm whether it is a sensible purchase.

To best protect a client’s potential investment, advisors typically carry out a physical assessment of the property, undertake land and property registry searches, assess its commercial potential and confirm whether there are any encumbrances on the land, such as easements.

Yet, even the most rigorous due‑diligence processes often fail to consider an individual’s privacy, reputation and security, much less protect it. Properties have a past that the client is buying into, as well as whatever baggage that may entail. This history could bring its own set of challenges, complications or reputational risks.

For these reasons, advisors should take the following four proactive steps when advising clients investing in property to best protect their most important assets: privacy, reputation and security.

Protecting client privacy during the purchase process

Purchasing a property as an individual in the public eye can lead to unwanted media attention. However, there are simple measures that clients should take to assert their legal right to privacy while remaining transparent. Taking the right privacy steps in the first instance is much simpler than retrospective action.

First, it is important to ensure that any parties involved in the property purchase will maintain the client’s privacy. Before engaging a finding agent or estate agent on behalf of a high‑net‑worth or well‑known client, the advisor should request that the agent sign a non‑disclosure agreement or confidentiality deed. This mitigates the risk of them disclosing private information about the individual, such as their identity, budget and desired locations.

Once the individual has decided on the property, they may look to purchase via an incorporated company. If so, the company should not be tied to any personal address but rather a registered company address. People rarely think about the personal and private information they divulge to public registries, such as His Majesty’s Land Registry or Companies House in the UK: it is ‘expected’, so people often blindly hand it over without considering the consequences. By their very nature though, these registries are publicly accessible for the purposes of transparency. Seeking to remove information from such registries is an arduous and often futile task.

If one’s client is hoping to undertake substantial building work, any planning applications should be made through the names of third parties, such as architects (who should also be vetted beforehand). Experienced architects will know this and, more often than not, will make applications in their company name to ensure the privacy of their clients.

Planning applications are searchable on council planning portals and may be indexed by Google, so advisors should ensure that these applications are suitably discreet going forward and do not include overly detailed drawings, so as not to attract unnecessary attention.

Of course, in many cases, property will have already been purchased and plans submitted. However, it is never too late to mitigate any potential privacy risks, so it may be wise to apply for redactions to names on planning applications on behalf of one’s client.

Confirm what information about the property exists online

In today’s world of online property searching, it is increasingly easy to discover detailed information about people’s homes, from purchase history to internal images and floorplans to access points. In order to protect the client’s security and privacy, it is crucial to audit what easily accessible information is out there.

All properties have a past and are likely to have been developed or photographed at some point, either as part of a sale or by designers. Private content about the property, such as internal images or plans of the internal layout, are usually available online on planning portals or estate agents’ brochures; however, these are a privacy and security concern. Publicly available information such as this may be used by the media in related stories or by hostile individuals’ intent on causing the client harm.

It is also worth considering who has owned the property prior to the client and whether the address is associated with any issues or prominent individuals who may make it identifiable. There have been cases of high‑profile individuals inviting film crews into a property or publicising details of their address and, even though they may no longer own the property, it may be easily identifiable because of their publicity.

The profile of any past owner should also be considered: are there any red flags associated with them? Could the client innocently become wrapped up in a story about a former owner because of the client’s connection to their former property?

Take control of information

Once an advisor has ascertained what information and assets exist about the client’s new property online, there are a number of actions to take. First, obtaining copyright of any publicly accessible photographs of the property. Copyright is typically transferred for a nominal fee by the current holder either to the individual themselves or a company/firm (such as the individual’s solicitors) to better protect privacy. Once copyright has been obtained, the advisor can demand that copies of these photographs be taken down on behalf of the client.

Having copyright of the photographs also prevents others from publishing them in the future or, at least, gives the advisor a quick and easy way to get them removed if copyright is infringed.

Beyond photographs, clients should request other online information about the property, such as floorplans or descriptions, to be removed. This may take the form of takedowns or anonymisation requests grounded upon privacy and data protection law to councils or estate agents. Specifically, any information that makes the exact location of a home identifiable to the public at large is a breach of that individual’s privacy rights and presents a security threat. This includes jigsaw identification, i.e., listing the town and including a picture of a front of the house. Individuals will therefore have strong grounds to request that this information be removed or redacted from public‑facing documents to best protect their privacy.

Run a physical and digital security audit of the property

In addition to protecting the client’s privacy, risks to their physical and digital security should also be reviewed. Running a physical and digital security audit of the property is easily overlooked but can leave the client and their family vulnerable to serious attack if not performed.

Depending on the former owner of the property, nefarious listening or recording devices may have been left behind. This may be especially relevant if the former owner is a high‑profile individual. A professional bug sweep will detect any devices that may still be in the property and it is advisable to instruct security experts to investigate. Ensure that any individuals carrying out such sweeps and assessments have been vetted.

The property may, for example, already have closed‑circuit television (CCTV) or alarms installed. Consider who may still have access to CCTV feeds, the network or communication lines. In many cases, it may be wise to install new CCTV systems to ensure data is only accessible to the client’s team.

It is better to be overly cautious and start from a position of strength with regards to security. Engage with professionals to ensure that the property (both within the structure and throughout the perimeter) is secure. Internally, any alarms, CCTV or panic rooms should be tested, including the network itself, which could be at risk of being hacked. When looking outside the property, security professionals should assess external CCTV systems and access controls, determine whether the property is overlooked, check if there is direct access to the property, and ensure any lines between the property and public spaces or other properties are clear.

These professionals should also advise on contingency plans in case of an incident, such as a break‑in. They should also give advice on best practice when it comes to the evolving digital risk landscape, e.g., performing regular network evaluation scans, bug sweeps and digital audits of the property.

Staying one step ahead

As with any situation that could impact a client’s privacy, reputation and security, when investing in property, proactivity is key. It is much better to take pre‑emptive and preventative steps to avoid a crisis in the first place than to clean up after these assets are infringed, the consequences of which could be long lasting.

Properties should not become a doorway into a client’s personal and private life, so protecting their most valuable assets should be the advisor’s most important investment.

This article was originally published in, ‘Buyers beware’, STEP Journal (Vol31 Iss3), pp.62-63.