The STAIRs Standard
The Secretary of State and the Regulator of Social Housing will soon announce the publication of a new statutory standard known as ‘STAIRs’ – standing for ‘Social Tenant Access to Information Requirements’. The STAIRs standard is a legally binding policy that grants tenants of private sector social housing landlords, also known as private registered providers (PRPs) such as housing associations, the right to request a broad range of non-personal information about their homes and nearby social housing properties from their PRP landlords. This right is not restricted (as has been the case up to now) to making a more limited data subject access request (DSAR) under the Data Protection Act.
Tenants of local authority social housing have long been able to make much broader Freedom of Information (FOI) requests for data to their council landlords, because these are public bodies; the new STAIRs standard-based information request is more akin to an FOI request (though not identical, because it is still being made to a private sector organisation, the PRP).
This long-awaited correction of the imbalance between public and private social housing tenants' information rights is expected to gain widespread acceptance. We anticipate that the types of information requested by social tenants under this new right will include:
- Condition of the property
- Repairs and improvement plans
- Patterns of poor property conditions within a block or district
- Repair times
- ASB (anti-social behaviour) cases and outcomes locally
- Health and safety issues
- Breaches of housing association or other policy
- Outcomes of property inspections
- Basic property estate management
- Senior employees’ (decision makers’) names and job roles
- Policies and procedures
- Property spending
- Housing stock management
- Performance standards
- Rent rates, and
- Service charges for shared owners.
Like the FOI and DSAR regimes, the STAIRs scheme contains exemptions, rules on how to handle requests (including timeframes for response, and when a PRP can refuse a request it has received) and how to respond, and provision for a review/complaints mechanism for instances of non-compliance by landlords. To help you navigate compliance with the STAIRs, URM has a large team of consultants with extensive experience in advising on FOI requests to public authorities and in providing DSAR support to a wide range of organisations, including housing associations.
Gap Analysis
URM can provide a STAIRs gap analysis service, whereby our expert consultants will conduct a comprehensive review of all your relevant processes to establish what changes will need to be made in order to comply with the requirements of the STAIRs standard. The subsequent report will include a list of prioritised remediation activities required to address any shortfalls identified, enabling you to achieve compliance with the STAIRs standard in the most effective and efficient manner possible.
Policy and Process Development
URM can also support you to develop the necessary policies and processes to facilitate your compliance with the STAIRs standard. As with all of URM’s services, our team will work collaboratively with you to create policies and processes that are not only fully compliant with the standard’s requirements, but that are also appropriate for your organisation’s unique culture and needs.
Virtual Data Protection Officer Service
An effective solution for many organisations looking to meet GDPR and other data protection requirements is to utilise URM’s Virtual Data Protection Officer (vDPO) service. With this service, you can access not just one, but a team of experienced and qualified URM data protection practitioners who can advise on a range of compliance issues including meeting the requirements of STAIRs.
Training and Awareness
Finally, our team can provide your staff with awareness training to ensure they understand their role in facilitating your organisation’s adherence to the STAIRs standard’s requirements, and provide your data protection champions with more in-depth training on how to deal with STAIRs requests. This training will include dealing with exemptions, timeframes for responding, when requests can be refused and how to respond.
Why URM?
Track record
URM’s DP and GDPR consultants have extensive ‘real world’ experience as both practitioners and subject matter experts, working at a senior level within business and in their data protection consulting roles advising organisations on best practice. With a 19-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business-appropriate approach.
Flexible service offerings
A key differentiator between URM and other data protection service providers is our flexible service offerings. Our virtual DPO service can be customised to your precise requirements, in terms of the type of support you require and the frequency of site days (remote or on site) etc. Equally, with our remediation support, URM can help you address any gaps identified and achieve full GDPR compliance. We can also help you maintain that compliance with GDPR auditing services.
Knowledge transfer
URM prides itself on its knowledge transfer philosophy and training expertise, which help to ensure that you understand not only what the principles and requirements of the GDPR are but also how best to meet them.