Community housing schemes have until 30 June 2021 to ensure complete compliance with the Protection of Personal Information (POPI) Act, warn property experts.
The regulations require schemes to have:
- A POPI policy
- Amended the rules of the scheme to comply with POPI;
- An information officer who is the POPI oversight representative of the scheme;
- POPI agreements with stakeholders who have access to the personal information of owners and tenants,
In an interview with PropertyWheel, specialist sectional title attorney and BBM Law director Marina Constas warned that schemes that do not meet the requirements face hefty fines, including fines of up to R10 million or 12 months imprisonment.
Constas said that the POPI policy should include details of whose personal information in collected and held by the complex including trustees, owners and tenants, as well as visitors.
The type of personal information that the complex collects and holds, as well as how the complex collects and stores personal information, must be specified.
The purposes for which the complex collects, uses and discloses personal information must also be detailed, along with information on how an individual may access personal information.
Constas said that schemes will also have to give consideration to issues such as access control at a guardhouse and CCTV cameras. How data is collected from these sources should also be clearly spelt out, she said.
“They must be ready to answer questions regarding what information is requested from visitors by security guards. Does it include identity numbers and photographs?
“The trustees and directors must be able to explain why this information is collected; where it is stored; for how long it is stored and when it is destroyed.”
Andrew Schaefer, managing director of national property management company Trafalgar, said the new legislation does not stipulate that personal information cannot be collected – only that when it is collected, it must be properly managed and protected.
Schaefer said that this is especially pertinent in community housing schemes, he says, where the trustees, directors and managing agents have to keep a significant amount of personal information about owners and tenants on record to:
- Send levy accounts and statements to the correct people;
- Allocate payments correctly;
- Send out communications about the annual budget, the AGM and other body corporate or HOA meetings;
- Facilitate communications with owners and tenants regarding security issues or in an emergency such as the recent Covid-19 lockdown; and
- Take swift action in the event of levy defaults.
“Some schemes also send out monthly newsletters using at least some of this personal information, and many now also have residents’ Facebook pages or WhatsApp groups where at least some member information is shared,” he said.
“In addition, most schemes have controlled-access points where residents and visitors alike must provide personal information to gain entry to the complex or to obtain a remote control or access card.
“This may include a car registration number, a fingerprint and a photograph, for example, as well as their name and telephone number.”