The Importance of POPIA and How it Affects HOA’s and Body Corporates
The Importance of POPIA and How it Affects HOA’s and Body Corporates
Starting from the 1st of July 2021, the POPIA (Protection of Personal Information Act, No. 4 of 2013 is now in full effect. This article will give an overview of the importance of this legislation and how it affects HOAs (Homeowners Associations) and Body Corporates.
The first paragraph of the introduction of the POPIA lays down the fundamental purpose of the act, which goes as follows, “To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information.” In other words, POPIA exists to ensure there is no misconduct when using people’s personal and sensitive information. The definition of personal information is rather wide as it covers all information that relates to an identifiable person, both human and artificial.
There are three categories of personal information, namely General, Special and Children’s personal information. Examples of general information can be someone’s phone number, address or identity card number. Special information includes religious beliefs, political views and biometric information. Children’s information is any sort of information that relates to a person who is under the age of 18.
How POPIA affects HOAs and body corporates
This sort of data protection is a real issue that Community Schemes, such as Homeowners Associations (HOAs) and Body Corporates, face. As these Community Schemes process a lot of personal information, they must comply with the POPIA and all other legislation protecting personal information. Due to the abundance of resident and homeowner information they store, it can be challenging to check through all data protection to ensure it complies with the legislation; if not, it must be addressed immediately. The first and most important thing is to make sure that the way Scheme Executives collect personal information of residents, unit owners, employees and those visiting the Community Scheme is not illegal and complies with the POPIA. It is important that the personal information obtained by the Community Scheme and its executives is done lawfully and does not violate the privacy of any parties.
The second most important consideration is the accountability of scheme executives and third-party trustees. It’s vital that they are obliged to respond when they are asked about the usage and the collection of the personal data they handle. They should ensure that all residents, owners, employees and visitors are informed that their personal information can be made available for those who,
- inspect the books and account records,
- the Community Scheme Ombud Service (CSOS), and
- other third-party service providers.
Under the POPIA, every person providing their personal information to the Community Scheme has the right to ask the following questions from their executives:
- For what purpose is the information collected?
- How will the information be stored and processed?
- How is the safety of this information protected and how can that protection be guaranteed?
- How long the information is kept for and when will it be deleted from the system?
We recommend that every Community Scheme should have a clear and up-to-date policy on the management of personal information that complies with the current government legislation and the POPIA. This policy should be able to answer all the above-mentioned questions and be made available for everyone subject to personal data collection.