Warning for estates and complexes that scan visitor car and drivers licences in South Africa
Estates, complexes and gated communities in South Africa are being warned to be careful about how they collect and handle visitors’ personal information.
South Africa’s Information Regulator is finalising a code of conduct that will govern how controlled-access properties process visitor data under the Protection of Personal Information Act (POPIA).
Local access control and visitor management software company ATG Digital warned that, once in place, the code will subject data collection at residential estate boom gates to much tighter scrutiny.
This means many of the practices South Africans have become used to when entering estates may no longer be acceptable.
Some of these practices include handing over a driver’s licence, signing an open visitor book or having personal details copied down.
According to ATG Digital, the upcoming rules will force estates and complexes to rethink long-standing security and privacy practices.
“South Africa’s estates and office parks are bracing for a major shakeup at their security boom gates,” it said.
It added that the Information Regulator is finalising a POPIA Code of Conduct for Gated Access that will directly impact how controlled-access properties collect and store visitor data.
The biggest issue is that many estates may be collecting too much information, keeping it for too long, or storing it in ways that expose it to other people.
Examples of problematic behaviour include leaving visitor books open for everyone in the queue to read, copying ID books, and driver’s licences without a valid reason.
Other issues include collecting personal details that have little or nothing to do with access control—such as employment history or family information.
If a visitor records one of these incidents and reports it, the estate, complex or body responsible could face an investigation by the regulator.
In more serious cases, POPIA breaches can lead to fines and even criminal prosecution. ATG Digital said the old approach to access control is no longer good enough.
“If your security team controls who enters and leaves, and you process personal information to do that, this Code is aimed squarely at you.”
Estates themselves will be held responsible
In practical terms, estates will likely still be able to gather basic information needed to identify a visitor and verify their visit.
This would generally include a name, ID or passport number, mobile number, vehicle registration, date and time of entry, and the host being visited.
However, the regulator is expected to take a much harder line against excessive or sloppy data practices.
ATG Digital said the code is also likely to focus heavily on the growing use of technology at estate entrances, including ID scanners, licence plate recognition, CCTV and facial recognition systems.
The concern is not necessarily the use of these tools, but whether they are being used lawfully and proportionately.
The company said the code is expected to demand clearer notices for visitors and residents, tighten expectations around biometric processing, and push estates to justify how long they keep logs and footage.
One of the most important warnings is that estates themselves—not just the security company or software provider—will usually be held responsible if something goes wrong.
This means if visitor information is leaked, a logbook goes missing, or a biometric system is deployed improperly, the estate, homeowners’ association, body corporate or property owner could be the one facing a complaint.
Loading ...