Big change for security estates in South Africa
The Information Regulator of South Africa is targeting security estates and office parks over the information they collect about visitors.
Many South African security estates and office parks collect a wide range of visitor data as part of their security systems.
They typically scan a visitor’s driver’s license ID book and car’s license disk and collect a range of information about the person.
This includes their name and surname, ID number, and other information on a driver’s licence, like age and gender.
Further information that can be collected can include details about their vehicles, the vehicle registration number, and where they live.
Some security providers furnish the security estate or office park with access to a database of South African citizens for cross-referencing purposes.
After a user’s driver’s license or ID document is scanned and uploaded to the estate’s database, the information is automatically sent for a home affairs lookup.
The security estate or office park typically stores visitor information—and it is their responsibility to keep it safe and private.
They decide how the personal information will be processed and stored and what it will be used for.
Therefore, it is up to the estate or office park to ensure they adhere to the country’s laws, like the Protection of Personal Information Act (POPIA).
The POPIA requires estates to comply with numerous conditions to ensure they operate lawfully.
They must disclose to the visitors why they process their personal information and ensure that it is not used for other purposes.
They must ensure that the information is stored safely and be open and transparent about processing it. The estates must also allow visitors to access their information, correct it, delete it, and ensure it remains confidential.
It is also important that an estate or office park receives consent from visitors to process their personal information.
This does not hold for most estates and office parks. They essentially demand that visitors scan their driver’s licence cards to gain access without any consent or additional information.
Information Regulator of South Africa going after security estates and office parks
Advocate Pansy Tlakula, the chairperson of the Information Regulator of South Africa, said the regulator is investigating surveillance and information gathering in private places.
She told Clement Manyathela from Radio 702 that there is an over-processing of information in many private and public areas.
“When you visit a gated community or office park, they scan your car’s disk and driver’s license, which contain a lot of personal information. Some even take your photo,” she said.
She said the POPIA is very clear—you should only collect the minimum amount of personal information necessary for your purpose.
“If you enter into a gated community, all they need for security is your name, the colour of your car, and the car’s registration,” she said.
She added that the previous method, where people were asked to switch their car on and off to ensure they had the keys, was adequate for most purposes.
Tlakula said the current situation, in which a wide range of information is collected, constitutes overprocessing of information.
“What are they doing with that information stored on the device? How are they protecting it, and where does it end up?” she asked.
She said the information gated communities and office parks collect includes people’s names, ID numbers, addresses, and other personal information.
Tlakula said the Information Regulator is targeting the ‘surveillance sector’, including estates and office parks, to limit the overprocessing of information.
“After consulting with this sector, we will issue a code of conduct for them. We will issue this code of conduct,” she said.
Loading ...
