Self-professed property maven Dominique Grubisa’s strategies regarding targeting people in financial and relationship distress are put under a privacy microscope by David Donovan.
AS WE REPORTED in March, the DG Institute (DGI) website contains policy documents that appear to have been lifted from the websites of various registered training organisations (RTOs).
One we didn’t mention is DGI’s Privacy Policy. This one has also been pinched, this time from RTO Benchmark College. Didn’t take too long to work that out.
The DGI policy says [IA emphasis]:
‘Benchmark College takes reasonable steps to protect the personal information held from misuse and loss and from unauthorised access, modification or disclosure.’
The DGI policy says elsewhere:
‘Bound by the Australian Privacy Principles, this policy describes how DG Institute takes reasonable measures to protect the privacy of its staff and students in line with state and federal legislation.’
It claims:
- ‘DGI policies and procedures abide by the Australian Privacy Principles;
- information is not disclosed to a third party without the individual’s consent; and
- no personally identifiable information will be disclosed by DG Institute without consent of the individual(s) concerned.’
Perhaps pertinent to put these pronouncements by DGI to further probing, in the light of what DG Institute actually does.
As we have reported, each week DGI distributes an “off market” distressed property list that includes names, addresses (with Google map links) of people who face repossession of their home or who are parties to Family Court proceedings. Grubisa also boasts about providing data regarding people over the 65 years of age.
In a video on Vimeo also featured on her Property Lovers website, Grubisa says:
“You are going to get off market leads lists weekly. So, these are comprised of distressed properties also downsizers — people over 65 years of age, properties that we’ve identified as ripe for renovation as well as properties that may be on double blocks. So, we’ve got a whole lot of data. Data is the new gold so that you don’t have to go around kissing a lot of frogs to find the princes of deals.”
The names of people in court lists in some states were for some years matched with names and addresses of homeowners through data sourced from CoreLogic. When CoreLogic cut ties, Grubisa moved on to sourcing data from Domain Group via Archistar. These companies have also cut ties.
This information has, to some extent been provided by government agencies as part of licence agreements with value added resellers, such as those for Western Australia and Queensland (see page 11 onwards). As we reported this month, these agreements and end user terms contain restrictions on the use of data for direct marketing.
However, not all states and territories provide this personal information to value added resellers.
In her Real Estate Rescue manual, Grubisa says [page 85]:
‘You can find the owner through RP data in all states but Victoria and South Australia where you will have to perform title searches. These states have strict privacy laws that will not allow RP Data to make ownership information publicly available. I have found a way around this which does not involve title searches.’
IA does not know from whom DGI has sourced details of homeowners over the age of 65.
Leaving aside the issues of direct marketing from data sourced via information brokers, let’s look at what other privacy problems there may be.
That requires donning the scuba gear and to do a deep dive into the relevant Commonwealth legislation, the Privacy Act 1988. This Act regulates the use of personal information by Australian Government agencies, organisations with a turnover in excess of $3 million and certain other organisations (such as businesses trading in personal information). The Privacy Act is enforced by the Office of the Australian Information Commissioner (OAIC).
Personal information is essentially information about an identified individual or an individual who is reasonably identifiable. It can include the names and addresses of individuals. Organisations to whom the Act applies (APP Entity) are bound by 13 Australian Privacy Principles (APPs) which deal with issues including the collection, use and disclosure of personal information.
Let’s start with APP 1 — ‘Open and transparent management of personal information’. One requirement is that the privacy policy for an APP Entity must include the purposes for which personal information Is collected, held, used and disclosed [APP 1.4(c)].
Well, the DG Institute privacy policy helpfully tells us that [IA emphasis]:
‘DG Institute only collects personal information that is required for the purposes of employment or education, requests for Australian Government fee assistance or to meet government reporting requirements.’
Of course, Australian Government fee assistance is not relevant at all for DGI because DGI is not an RTO. It would be for Benchmark College, a registered RTO.
In the key points of APP 3, it states:
‘APP 3 outlines when an APP may collect solicited personal information. An APP Entity solicits personal information if it explicitly requests another entity to provide personal information, or it takes active steps to collect personal information.’
An APP Entity collects personal information only if the entity collects the personal information for inclusion in a record or generally available publication [section 6, Privacy Act]. A record such as the lists DGI distributes each week.
Collection ‘applies broadly and includes gathering, acquiring or obtaining personal information from any source and by any means’ [APP 3.5] [IA emphasis].
An organisation bound by the APPs may only ‘collect personal information that is reasonably necessary for one or more of its functions or activities’ [APP 3.3], [IA emphasis]. This is ‘an objective test: whether a reasonable person who is properly informed would agree the collection is necessary’ [APP 3.18] [IA emphasis].
The OAIC says that in the context of the Privacy Act [B.113]:
‘...it would not be sufficient if the collection, use or disclosure is merely helpful, desirable or convenient.’
In a determination in September last year regarding the collection of facial images by 7-Eleven stores, the Australian Information Commissioner and Privacy Commissioner said:
‘In evaluating whether a collection of personal information is reasonably necessary for a particular function or activity, consideration should be given to whether any interference with personal privacy is proportionate to a legitimate aim sought.’
We suggest a reasonable person would not agree that collecting the names and addresses of people who are financially distressed or are parties to Family Court proceedings is reasonably necessary for DGI. It might be helpful in selling her programs and lucrative to her (she claims the lists are worth $12,000 for the 12-month period of the elite mentoring program).
Further, if as DGI says they only collect personal information for the purposes of employment and education, exactly what sort of education is Grubisa providing to the people whose names and addresses end up on these lists? They are not the students, they are the target of her students. And DGI claims no personally identifiable information will be disclosed without the consent of the person. That clearly isn’t the case.
APP6 tells us when an APP Entity may use or disclose personal information:
‘An APP Entity can only use or disclose personal information for a purpose for which it was collected... or for a secondary purpose if an exception applies.’
Of the exceptions, only two seem remotely applicable to DGI. Firstly, if the individual consented to the use or disclosure or ‘the individual would reasonably expect the secondary use or disclosure’.
The OAIC helpfully tells us that disclosure is not defined in the Privacy Act.
But they come to our rescue to say [B.64]:
‘An APP entity discloses personal information when it makes it accessible or visible to others outside the entity and releases the subsequent handling of the personal information from its effective control. Disclosure in this context can occur even where the personal information is already known to the recipient.’
Clearly, DGI does not obtain the consent of people in the court lists to collect let alone disclose their personal information. They have no clue that this information is collected.
Grubisa herself said in an episode of her Property Lovers podcast in April this year, spruiking her letter-writing strategy [at 5 minutes, 10 seconds in]:
“First of all, it shouldn’t address the homeowner by name even if you know the homeowner’s name because you’ve searched RP Data or done a title search, it might creep them out a little bit.”
Grubisa says in her Real Estate Rescue manual that mailing letters in a format that is:
‘...persistent in tone and urgency can be a very powerful tool’ [p118].
We do not think there would be too many people who were facing repossession of their home or were involved in Family Court proceedings who would expect DGI to be collating lists with their names and address and providing that to their “elite mentoring” students to then receive letters persistent in tone and urgency!
Grubisa gets super excited about her strategy of writing letters to people using the personal data collected. As is evident from this video on Vimeo which also features on the DG Institute website.
We hope the OAIC might join the other agencies that are currently investigating the activities of Grubisa and DGI.
Follow IA founder David G Donovan on Twitter @davrosz. Also, follow Independent Australia on Twitter @independentaus, on Facebook HERE and on Instagram HERE.
Related Articles
- Dominique Grubisa's predatory 'game-changer'
- The 'patently' dishonest Dominique Grubisa
- Dominique Grubisa is so vain, she probably thinks this award is about her
- Dominique 'distressed estate' Grubisa stripped of legal practising certificate
- EXCLUSIVE: Legal tools — yet more plagiarism from Dominique Grubisa
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia License
Support independent journalism Subscribe to IA.
