The POPI Act and community schemes
Omar Kinnear, developer of ResidentPortal
Most of the sections of the POPI Act finally came into operation from 1 July 2020 and community schemes will be wondering what impact this will have on the running of their scheme.
Omar Kinnear, developer of Resident Portal, a web-based communication portal for sectional title developments and homeowners associations, says the overall aim of the POPI Act is to ensure that people’s personal information is not misused.
“According to the Community Schemes Ombud Service, this means that the personal information of the owners and/or residents of units or homes in the scheme is collected, stored and managed responsibly by not only the scheme executives and managing agents, but also by unit-owners, and to protect the rights of the owners or residents not to have their personal information abused or compromised by having the information shared arbitrarily and irresponsibly with anyone,” he says.
When it comes to Sectional Title developments, Prescribed Management Rule 27(2)(b) states that the body corporate must obtain the following information, which must be kept updated:
- lists of trustees, members and tenants with their full names, identity numbers or, in the case of non-South African citizens, their passport numbers; and
- section addresses and mailing addresses, if different;
- telephone numbers; and
- email or other electronic addresses.
Kinnear notes that schemes using ResidentPortal already have this information, since owners are able to update their personal records themselves. This enables them to fulfil their duty to comply with Section 13(1)(f) of the STSMA, in terms of which owners are obliged “to notify the body corporate of any change in ownership or occupancy of his or her section.”
Phasing in POPI requirements
Schemes have one year to phase in suitable measures to maintain the integrity and confidentiality of information pertaining to owners and residents by preventing loss, damage, and unauthorised access to this data.
According to the CSOS, there are four steps a scheme must take to comply with the POPI Act:
- Appoint an Information Officer to oversee compliance with the Act by the scheme;
- Go through all contracts entered into by the scheme with 3rd parties to ensure that each contract contains a clause in terms of which the parties undertake to comply with the provisions of the POPI Act – if the contracts do not have this provision, amend the contracts;
- The scheme executives must develop a compliance policy or framework, which must include procedures to be followed on how POPI will be implemented. This must be sent out to all unit owners and residents;
- Implement the policy.
Attorney Marina Constas recommends that the policy should include details of the type of personal information that the complex collects and holds, as well as how the complex collects and stores personal information.
She recommends that every body corporate should have a clearly expressed and up-to-date policy about its management of personal information. The policy should include details of the type of personal information that the complex collects and holds, as well as how the complex collects and stores personal information.
The purposes for which the complex collects, uses and discloses personal information must also be detailed, along with information on how an individual may access personal information. The policy document must also outline how an individual can complain to the Information Regulator and how the complex will deal with that type of complaint.
Heavy penalties for schemes’ failure to comply
All scheme executives have a statutory and common law fiduciary obligation to act in good faith, and with due diligence and care in the interests of their community scheme at all times. It is their duty to ensure that the information obtained from members is only used for the purpose for which it was given.
Section 19 of the POPI Act tightens up this requirement, by imposing jail sentences of up to 10 years and fines up to R 10 million for failure to safeguard this information, depending on the seriousness of the breach.
“So, although there is no real change to the obligation of scheme executives to act in good faith, there are now serious consequences for failure to protect individuals’ personal information. And that should be the major take-home for scheme executives to ponder and to implement any necessary changes to the way they protect owners’ and tenants’ private information,” Kinnear concludes.
ResidentPortal is developed and managed by Sandton-based software consulting and development company, Business Xponent Solutions (BXS). The estate communication platform is one of the products emerging from 20 years of experience in the software industry of its founder, Omar Kinnear. One of the original developers of the SARS eFiling platform, Kinnear brings to ResidentPortal a wealth of knowledge of system performance and security.
Since 2016, around 100 complexes are using the Free Plan of ResidentPortal, and over 1000 residents, mostly in and around Gauteng, are benefiting from the way the full-featured Standard and Pro packages are simplifying their lives in their estates and complexes.
For more information, contact: Omar Kinnear, 078 798 3378