Property management company Trafalgar says that community housing schemes (CHS) in South AFrica will need to make a number of changes to prepare for the implementation of the Protection of Personal Information Act (POPIA) before the 1 July 2021 deadline.
Trafalgar managing director Andrew Schaefer said there are many aspects to POPIA and that many schemes do not even have the basic elements in place yet to achieve compliance.
Schaefer said that the POPIA does not forbid the collection of personal information, but rather stipulates, for example, that every person whose information is requested is entitled to be informed how that information will be used and how it will be secured to prevent it from being used for any other purpose.
Below he outlined some of the ways that schemes will have to change.
Every scheme needs to appoint an Information Officer, preferably a trustee or director, who will be responsible for all the personal information that is collected by that scheme, and by any companies that provide services to the scheme such as managing agents or security, cleaning and insurance companies.
Resident’s and security data
Most CHS will probably already have the names, addresses, telephone numbers and email addresses of all owners on record, for example, and those owners are entitled not only to know that this information is being held, but also to be guaranteed that it is being securely held and will not be used or sold for any other purpose than that originally intended.
The same applies for any personal information that is collected to maintain security in CHS, whether it is in analogue form such as names and car registration numbers written into a paper register at the gate, or in digital form such as fingerprints on a biometric scanner or footage captured on a CCTV system.
Third-party services This information is usually gathered by third-party service providers, and one of the requirements of POPIA is that the scheme must now have a contract with each of these service providers that clearly stipulates what personal information it may collect, where and how that data must be stored and secured, and when it must either be destroyed or returned to the CHS.
- The preparation of a written data protection policy, and a plan of action in the event of a data breach;
- The formal allocation of financial and other resources to ensure that the POPIA plan is put into action; and
- The preparation of a plan to sustain POPIA compliance, such as annual auditing and ensuring that the scheme’s practices are updated to comply with any changes in the legislation.
The recent rapid increase in remote working and online shopping has created a much broader awareness of how important it is for personal information to be kept safe, not only to protect privacy but to prevent identity theft and other malicious online activity, said Schaefer.
“In South Africa, this is now being underlined by the importance being placed on across-the-board POPIA compliance, and many organisations being asked by consumers to prove that any data they collect and hold is being properly secured and managed.”