I recently heard Rory Sutherland talk about something called Dishwasher Darwinism.
The idea is simple: assume everything is dishwasher-safe — and three months later, whatever survives… is.

It isn’t best practice. It isn’t policy.
It’s just pressure quietly deciding what lasts.

And the more I thought about it, the more it felt like a good way of describing what’s happening in the property industry — especially as we move towards 2026.

Not through one dramatic shift.
But through steady pressure, and the quiet reshaping that follows.

Independence isn’t a slogan — it’s the point

One thing I can say with real confidence about the Association of Independent Inventory Clerks (AIIC) is this: independence isn’t branding. It’s the foundation.

A professional inventory clerk shouldn’t be:

• swayed by a landlord
• pressured by an agent
• or influenced by a commercial structure that benefits from a particular outcome

Yet across the sector, we can all see the direction of travel. Larger organisations are building in-house service arms. Reporting, compliance and inspections increasingly sit inside the same commercial ecosystems.

On paper, that looks efficient.
In reality, efficiency has a habit of quietly eating things that don’t look productive on a spreadsheet.

And independence is often the first to go — not through bad intent, but because neutrality is inconvenient. It slows decisions. It creates friction. And friction rarely survives optimisation.

The real risk: quiet bias

The future risk isn’t sudden corruption. It’s something subtler.

A world where:

• reporting slowly bends towards convenience
• neutrality gives way to commercial alignment
• and “independent” becomes a label rather than a lived reality

Not because people act badly — but because good people operate inside incentives they didn’t design.

That’s how bias usually enters a system. Quietly. Structurally. Normalised.

When markets start talking to themselves

As ownership in property concentrates, influence widens.
Bigger landlords become bigger agencies.
Bigger agencies become bigger service groups.

Before long, the same commercial ecosystems can own:

• the interest
• the management
• the compliance
• and sometimes even the reporting about that interest

It isn’t sinister. It’s scale meeting pressure.
But once the same force owns both the outcome and the process meant to assess it, neutrality doesn’t disappear — it just becomes harder to defend.

And that’s the moment when professional bodies stop being ceremonial and start being essential.

Why standards matter more than ever

There is no statutory requirement that inventory clerks must be independent.
Independence is a professional principle, not yet a legal one.

That means the responsibility sits with us.

Waiting for regulation to define the profession would be a mistake. The stronger move is for the profession to define itself first — through:

• clear standards
• transparency around conflicts
• and the confidence to say:
  This is what professional looks like in our world.

If we don’t, someone else will. And it may not be in the interests of fair reporting or independent clerks.

Why AIIC matters in 2026

If inventory clerks don’t band together professionally — not just socially — the role risks drifting into one of two futures:

• absorbed into corporate structures, or
• reduced to a low-margin, interchangeable task

Neither protects:

• fairness
• independence
• or long-term credibility

At its best, AIIC isn’t just training or networking.
It’s the spine of the profession — the place where we decide:

• what independence really means
• what standards actually look like
• and what we’re prepared to stand for, even when it’s inconvenient

Dishwasher Darwinism, one last time

Dishwasher Darwinism says: put things under pressure and see what survives.

Over the next few years, the property sector will experience more pressure — commercially, structurally and culturally.

What survives will be:

• the parts with standards
• the parts with cohesion
• the parts confident enough to define themselves

What warps will be:

• anything built on vagueness
• convenience
• or borrowed credibility

A final thought

This isn’t about fear.
It’s about responsibility.

Because what’s exceptional about this profession isn’t its size — it’s its people. The entrepreneurs, the problem-solvers, the professionals who care about doing the job properly even when no one is watching.

That’s not something to take lightly.
That’s something to protect.

And if 2026 is going to be a turning point, let it be one we shape — not one that simply happens to us.

Data protection is something every independent inventory clerk, agent and landlord must handle—but too often, it feels wrapped in jargon, fear, and unnecessary paperwork. In our recent AIIC webinar, we were joined by Rob Cole (Senior Engagement and Policy Officer) and Jessy Jarvis from the Information Commissioner’s Office (ICO). Their message was reassuringly clear:

Small businesses must be compliant, but GDPR should be simple, proportionate, and practical—not a mountain of paperwork.

Below, we’ve summarised the most important points that apply directly to inventory clerks and those working in the private rented sector.

1. Understanding Data Roles: Controller, Processor, or Both?

One of the biggest areas of confusion is who is legally responsible for data. Rob Cole broke this down simply:

• Data Controllers decide how and why personal data is used.
  This includes sole traders and small businesses—size doesn’t reduce responsibility.
• Data Processors act only on the instructions of a controller.
• Joint Controllers share responsibility and must have clear agreements in place.
• Controller–Processor contracts must set out how data is used, secured, retained, and handled during a breach before any work begins.

Jessy added an important clarification, especially relevant to the inventory sector:

Property data alone is not personal data—unless it identifies a living individual.

For example:
A photo of an empty kitchen is not personal data.
A photo including a child’s school certificate is.

This distinction affects how clerks structure reports, manage images, and store data relating to sole-trader landlords, whose business contact details may also qualify as personal data.

2. Privacy, Transparency, and the Core GDPR Principles

Rob reminded us that the seven data protection principles sit at the heart of UK GDPR. The ICO emphasised three above all:

• Lawfulness
• Fairness
• Transparency

For clerks, this means being upfront about:

• what data you collect
• why you collect it
• who receives the report
• how long you keep information
• your legal basis for doing so

Providing a clear Privacy Notice isn’t optional—and the ICO made this easier than ever with their simple generator tool:

👉 ICO Privacy Notice Creator:
https://ico.org.uk/for-organisations/advice-for-small-organisations/privacy-notices-and-cookies/create-your-own-privacy-notice/

Rob also cautioned against defaulting to consent as the lawful basis. For most day-to-day clerk work, contract, legitimate interest, or legal obligation provide a more stable foundation—especially since consent can be withdrawn at any time.

3. Individual Rights and Subject Access Requests (SARs)

Subject Access Requests remain the most common interaction many small businesses have with GDPR.

Key points from Rob:

• Requests can be verbal or written.
• You have one month to respond (extendable to three for complex cases).
• You cannot charge a fee.
• Identity checks should be reasonable, not obstructive.
• Clarify what the requester actually needs—this avoids unnecessary work.
• Data should be provided in a commonly accessible electronic format.

Other rights—erasure, rectification, portability, and objection—may arise less frequently in the inventory world but still require a straightforward response process.

4. Data Breaches: Staying Calm and Acting Quickly

A breach isn’t always a cyber attack. In the inventory sector, simple mistakes like:

• emailing the wrong landlord
• losing a device
• uploading the wrong report
• sending access information to the wrong party

can all qualify.

Rob outlined the required approach:

1. Contain the issue (e.g., ask the unintended recipient to delete the file).
2. Assess the risk—does it put someone’s rights at risk?
3. Report to the ICO within 72 hours if that risk is significant.
4. Record everything, even if unreported.
5. Review and improve to prevent reoccurrence.

The ICO’s “ripple effect” campaign highlights how even small errors can cause real harm—so proportionate, prompt action matters.

5. Data Retention and Disposal: Keep It Only As Long As Needed

Jessy and Rob were clear:
Don’t keep data forever.

This is especially relevant for inventory clerks, whose photographs and reports can accumulate quickly.

Examples discussed:

• Some records (e.g., payroll) have legally mandated retention periods.
• Others—such as photos and reports—are determined by your business needs, often aligned with the tenancy length and deposit dispute timeframes.
• Tools like Inventory Base can automate deletion schedules to reduce risk.
• Not all data needs shredding—only content that identifies living individuals.

A simple, clear retention policy is enough, provided it is documented and reflected in your Privacy Notice.

6. ICO Registration and Fees

Most inventory clerks process personal data electronically and therefore must pay the ICO data protection fee—typically £52 per year for small operators. Exemptions do exist, and the ICO encouraged members to use their quick online tool:

👉 ICO Fee Self-Assessment:
https://ico.org.uk/for-organisations/data-protection-fee/data-protection-fee-self-assessment/

Remember:
Having CCTV—even in a home office—automatically triggers the fee requirement.

7. Upcoming Legal Changes: What Clerks Should Watch For

Rob highlighted two legislative updates:

• The Data Use and Access Act 2025 – strengthening transparency and expanding obligations in phased rollouts.
• The Renters Rights Act – introducing new expectations for landlords and agents handling tenant information.

The ICO will continue to update its guidance as these changes take effect, and AIIC will ensure members remain informed.

8. The Light-Touch Approach: What Clerks Actually Need

The ICO made it clear that small businesses do not need corporate-level documentation. Instead, they need:

• A simple privacy notice
• A short retention policy
• Clear processor agreements
• Secure storage and sensible operational practices
• Transparency with tenants
• A calm, proportionate breach response plan

And importantly:

You can link to your Privacy Notice and Retention Policy directly in your report disclaimers to streamline compliance.

This aligns perfectly with the realities of inventory work: practical, efficient, and easy to implement.

Final Thoughts

The webinar confirmed what the AIIC has long advocated: compliance doesn’t have to be complicated. With clear processes, proportionate documentation, and the free tools the ICO provides, independent inventory clerks can remain compliant without drowning in paperwork.

Over the coming months, the AIIC will continue to provide templates, short guides, and sector-specific advice to help members stay confident and compliant.

If you missed the webinar, a replay will be made available to members shortly.

Further resources

If you’d like to view the notes from the meeting you can find them here

We have produced a Light Touch data retention policy that you can amend for your own use. Download below

We’ve also produced a simple, step by step guide for smaller businesses that want to stay compliant. Find it below

Links

The ICO have a wealth of resources to help and you can find them here

https://ico.org.uk/for-organisations

Find the fee self-assessment tool here

https://ico.org.uk/for-organisations/data-protection-fee/data-protection-fee-self-assessment

You’ll find the Privacy Policy generator tool here

https://ico.org.uk/for-organisations/advice-for-small-organisations/privacy-notices-and-cookies/create-your-own-privacy-notice/privacy-notice-generator-for-customers-or-suppliers

Protecting AIIC Members from Phishing Attacks

Phishing attacks are on the rise in the UK and pose a serious threat to independent inventory clerks, landlords, and agents. Criminals impersonate trusted organisations to steal personal data or gain unauthorised access, leading to financial loss and reputational damage.

What Is Phishing?

Phishing is a form of cyber-crime in which attackers masquerade as legitimate entities—often via email, text, or phone—to trick recipients into providing sensitive information (e.g. login credentials, bank details, identity documents) or clicking malicious links.

A Real-Life Example

Here’s a phishing email received by AIIC staff, spoofing HMRC’s VAT service:

Notice the subtle grammar errors, the urgent tone, and the “Update” button that leads to a fake portal.

UK-Specific Statistics

• 3.4 billion phishing emails are sent globally every day.
• Phishing accounted for 79% of fraud cases recorded by the National Crime Agency (NCA).
• HMRC saw a 178% increase in phishing reports during 2023, per Proofpoint data.
• Over 1 in 4 UK adults report receiving a suspicious message each month, according to the National Cyber Security Centre (NCSC).

How to Protect Yourself

• Verify the sender. Hover over links and check where it is pointing to. You can see this usually in the bottom left-hand corner of your mail program. The email addresses should match legitimate domains (e.g. @hmrc.gov.uk).
• Be sceptical of urgency. Phishers often claim your “account will be closed” or “you’ll face fines” to rush you into mistakes.
• Never click unexpected links or attachments. Instead, go directly to the organisation’s official website.
• Use multi-factor authentication (MFA). Add an extra layer of security to all critical accounts.
• Keep software up to date. Apply OS and application patches promptly to close security gaps.
• Report suspicious messages. Forward phishing emails to report@phishing.gov.uk (HMRC) or report via the NCSC’s Reporting Service.

Stay Safe Out There

Keep your business and personal information safe by following our guidelines and think about signing up for CyberEssentials certification. It’s free and could save you a lot of heartache!

Further UK Resources

• National Crime Agency (NCA) – guidance on fraud prevention and reporting
• National Cyber Security Centre (NCSC) – advice, alerts, and technical guidance
• Email HMRC Phishing Service at report@phishing.gov.uk for VAT and tax-related scams
• Information Commissioner’s Office (ICO) – data-protection and privacy guidance