Sectional Titles and the POPI Act – what you need to know

Sectional Titles and the POPI Act – what you need to know

Community housing schemes should have compliant record-keeping systems, including those of their managing agents, in accordance with the Protection of Personal Information (POPI) Act.

It is also important for owners and occupiers in Sectional Title schemes and gated developments run by Home Owners’ Associations (HOAs) to understand that the Act does not make it illegal for the trustees or directors to collect their personal information, or to request certain personal details from visitors to their schemes in the interests of security.

Everyone has the right to privacy, as provided for in Section 14 of our Constitution, and the POPI Act actually amplifies that right with provisions intended to protect consumers against identity theft as well as the unauthorized use or sale of their personal information for any purpose, including the creation of databases for marketing and sales campaigns.

However, the new legislation does not stipulate that personal information cannot be collected – only that when it is collected, it must be responsibly managed and protected.

This is especially pertinent in community housing schemes, where the trustees, directors, and managing agents have to keep a significant amount of personal information about owners and tenants on record in order to:

  • Send levy accounts and statements to the correct people.
  • Allocate payments correctly.
  • Send out communications about the annual budget, the AGM and other body corporate or HOA meetings.
  • Facilitate communications with owners and tenants regarding security issues or in an emergency such as the recent Covid-19 lockdowns; and
  • Take swift action in the event of levy defaults.

Some schemes also send out monthly newsletters using at least some of this personal information, and many now also have residents’ Facebook pages or WhatsApp groups where at least some member information is shared. In addition, most schemes have controlled-access points where residents and visitors alike must provide personal information to gain entry to the complex or to obtain a remote control or access card. This may include a car registration number, a fingerprint, and a photograph, for example, as well as their name and telephone number.

For this reason, any business or legal entity that is not compliant with the POPI Act is risking prosecution and a high fine, so ST trustees and HOA directors need to ensure that their scheme – and any “third party” such as a managing agency or security company that is acting on their behalf – is gathering, storing and using personal information correctly, or currently upgrading their procedures and systems to ensure that this information is protected.

There are two parts of the Act that trustees need to be particularly concerned about to start with, the first of which is the general requirement that a consumer’s consent must be obtained before any of their information can be collected or used and that they must be properly informed about the reason for collecting the information, what will be done with it and how it will be protected.

In practical terms, ST trustees and HOA directors do not need to obtain the permission of owners in their schemes to collect or hold whatever personal information is needed for the “effective management” of those schemes, as long as that is all they do with it. However, they do need to inform them if this information is being shared with a third party, such as a managing agent, to assist with the effective management of the scheme.

In addition, they will need to obtain their permission (preferably in writing) to collect and hold any information that they intend to use for any other purpose – and state what that purpose is. They may not, for example, let owners believe that their personal information will only be used for correspondence and communications like levy statements and meeting notices and then use it – or allow it to be used – by a different company for some other purpose, such as direct marketing, without permission.

The second concern for trustees and directors is the security of their information storage and management systems, whether these are digital or paper-based, and on-site or off-site. The Act provides for personal information to be kept in such a way that it is protected from unauthorised access – by computer hackers, for example – and for it not to be sold to or exchanged with any other organization.

In short, the person or company that gathers personal information is obliged to take practical steps to protect it, such as ensuring that computer records are encrypted, or that paper records are locked away and only able to be accessed by certain people in the company. The Act does not insist that companies install very high-tech systems, only that they have procedures in place to protect the information they hold and that they implement a system of accountability.

This does not let sectional title trustees “off the hook” if they are not keeping their own records. On the contrary, they are responsible for any information collected on behalf of their scheme, so if this is being by a managing agency, they must ensure that they deal with a reputable company that already has a proper system in place to protect and isolate all the personal information relating to individual schemes – and a clear plan about what to do if the security of that system is breached.

Leave a Reply



Click one of our contacts below to chat on WhatsApp

× How can I help you?