POPIA is here! How compliant is your community scheme?

We are fast approaching the Protection of Personal Information Act 4 of 2013 (“POPIA”) compliance deadline- the question is, how compliant is your sectional title scheme or homeowners’ association (“community scheme”)?

Community schemes were given one year to implement the POPIA requirements concerning the protection and processing of personal information promulgated on the first of June 2020 – permitting a phase-in period before community schemes are obligated to fully comply with the POPIA.

So, what are the significant implications for unit owners, residents, employees, visitors, service providers and scheme executives (trustees or directors) within a community scheme?

The POPIA is intended to promote the protection of personal information and to bring South Africa’s privacy laws in line with international standards. It restricts the rights of public or private bodies to collect, process, store and share personal information.  It also makes these bodies accountable for securing the privacy of this information. The POPI Act is the latest addition to the fiduciary duties of scheme executives and their service providers (like managing agents and security), to ensure the protection of the information of the unit owners, residents and employees of the community scheme and manage the inflow and outflow of information in a prescribed and secured way.

Unit owners, residents, employees and visitors in a community scheme should consider that the POPIA does not make it illegal for the scheme executives to collect their personal information for the legitimate successful management of the community scheme, or to request certain personal details from visitors to their community schemes in the interests of security.

The personal information collected by the community scheme should however be obtained lawfully and reasonably that does not infringe the privacy of anyone.

Scheme executives and/or their service providers are obligated to respond when they are asked about what they are doing with the personal information they collect. Scheme executives must also consider how they will inform their unit owners, residents, employees and visitors that their personal information may be made available to:

• those inspecting the books of account and record;
• the Community Schemes Ombud Service (CSOS); and
• service providers, like their managing agent and levy collection attorneys.

Scheme executives must also be able to account when it comes to visitors and/or service providers (like gardening services) who provide their personal information to the guards at the gate. The guard at the entrance of a community scheme often requests a visitor’s ID card/license to confirm their identity and in most systems proceed to scan it. The license or ID card has a photo, an ID number and a date of birth.

Now, under the POPIA, every visitor has the right to ask the following from the trustees of the scheme:

• What’s the purpose of taking this information?
• How will this information be processed (stored)?
• How will you guarantee the safety of this information?
• How long will you keep the information and will it be deleted after that period?

The Visitor Management Solution for community schemes is a cost-effective and user-friendly security solution that enables our clients to manage and control visitor access to their community scheme via a smartphone app or online portal.

Additional features include a built-in reporting tool, bulk messaging platform and a workflow management tool, providing community schemes with a means to accurately control visitor data and hence make it effectively easier to comply with POPIA.

Our Visitor Management System (VMS) is a cloud-hosted, integrated solution, that is designed to manage visitor access into your community scheme. Our flexible offering means you can add our solution to your existing security structure, or start from scratch with us. In other words, we customise our offering based on your specific needs and existing infrastructure. Residents can manage and control visitor access through our PIN access (push and PIN access notifications) and CCTV scanning features (video and license plate integration) which requires less visitor information.

Every community scheme should have a clearly expressed and up to date policy about its management of personal information which aligns with the POPIA compliance requirements. The policy should include details of the type of personal information that the complex collects and holds, as well as how the complex collects, stores and secures personal information.

Have more questions regarding POPIA compliance in your community scheme? We offer specialist Legal Advisory solutions for community schemes. Connect with us for all your complex problems.