How the RTA keeps you (cyber)safe


The RTA reminds customers to regularly update your passwords using strong passphrases, watch for any unauthorised online account transactions, be alert when clicking on links within emails, and follow the Australian Cyber Security Centre’s advice to protect your information and stay safe online. Learn how the RTA keeps your data safe

Customer safety and confidentiality are a top priority for the RTA, and we regularly update our Privacy plan and cybersecurity processes to ensure we’re looking after our customers.

Four of the steps we take to keep you safe are:

1. Requesting four points of customer identification during calls

When you call our Contact Centre, we’ll ask for four points of customer identification—including a combination of personal and tenancy-specific questions—before we proceed.

We’ve also added additional tenancy-specific questions to help protect any of our customers whose general identification information may have been leaked during recent data breaches reported by other organisations across the country, or accessed without permission by another party.

2. Using two-part customer identification when using Web Services

When customers use RTA Web Services—our suite of online forms that make it easier to update your bond details and complete essential tenancy transactions—they're required to verify their identity through QGov.  

QGov is the Queensland Government’s secure digital identify verification platform—designed to provide access to a number of government services with a single log-in—and acts as a substitute for your signature on a paper form, keeping your online transactions with the RTA secure.

This two-part identification arrangement significantly reduces the risk of fraudulent online activity and identity theft.

Customers that don’t have Australian-issued identification and cannot verify their identity through QGov still have access to the RTA’s paper-based forms and can call our Contact Centre for support.

3. Requiring unique email addresses for each customer 

Customers are required to register a unique email address—one that isn’t shared with anyone else and can only be used by you—to use Web Services. In addition, we recommend customers always use a unique email address to interact with the RTA. This is to protect your security and privacy, particularly in instances where there may be domestic and family violence.

Customers that do not wish to provide a unique email address can still receive legislative documents and correspondence via post to your last known mailing address to the RTA.

4. Using best-practice cyber security measures 

We have advanced security standards and infrastructure to ensure your personal information is stored securely in our systems. We engage third-party providers to support our in-house teams to monitor, test and continuously improve our systems and processes to ensure compliance with industry best practice, including the Queensland Government’s Information Security Policy IS18 and the Australian Cyber Security Centre’s Essential Eight guidelines. This helps us to protect your information, mitigate risk and provide coverage for various cyber threats.

Updating your personal information

You can help us keep you safe by ensuring the personal information you provide is accurate and up to date. You can do this by lodging an Update your details web service request or by submitting the Update your details paper form.

Original publication on 22 Nov 2022
Last updated on 13 Jan 2023

Note: While the RTA makes every reasonable effort to ensure that information on this website is accurate at the time of publication, changes in circumstances after publication may impact on the accuracy of material. This disclaimer is in addition to and does not limit the application of the Residential Tenancies Authority website disclaimer.