Why your ID card is often not enough to enter some security complexes

When a reader’s wallet was stolen and he was awaiting receipt of his new licence card, he discovered that presenting his ID card was not enough to be granted entrance to some estates. Zerlinda van der Merwe, Co-Founder and Director of TVDM Consultants, explains the strict approach of some schemes.

I’m sure you have all had to, at one point or another, whip out your drivers’ licence before you could enter a security complex to visit a family member, friend or business. Have you ever thought why you must provide your drivers’ licence and not your identity document? It might not only be about security and access control. Read this article the next time you’re waiting in the queue to enter.

The roadways in many, if not most, community schemes, are private roads, forming part of the common area or property of the scheme, meaning that the use of these roads, verges, parkings etc. are under the control of the association, and more particularly the trustees or directors in terms of the association’s rules. In many of these instances, the rules provide for the safety of the roads and adjacent common areas, by ensuring that the roads may only be used by licenced drivers, driving in roadworthy vehicles, and adhering to minimal speed limits, and providing that fines may be implemented for non-adherence.

Often these rules are in place to ensure that pedestrians enjoying the common areas may be kept safe, including children and pets, that residents may reverse or drive out of their properties without being side-swiped, that no nuisance or disturbance is caused to residents, and that no public liability claims against the association arise. In this instance, showing your ID is not going to ensure the above, but by checking your drivers’ licence, and in some instances, your vehicle licence, the security guard or access controller on duty can enforce the above.

Schemes have a duty to process personal information correctly

Now, when it comes to your personal information, in terms of the Protection of Personal Information Act (POPIA), the association or security service provider must ensure, via its registered information officer, that your ID number, name, age, photograph, vehicle registration number etc. is processed correctly.
As a quick reminder, the POPIA was enacted to promote and protect an individual’s right to privacy, including the protection against the unlawful collection, use, disclosure and destruction of personal information. Any person or organisation is statutorily required to implement and maintain reasonable, commercially acceptable security procedures in order to protect it from breaches of confidentiality, unauthorised access, destruction, use, modification or disclosure of personal information.

Processing is any operation, or activity, or any set of operations, whether or not automated, concerning personal information, including the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use, dissemination, distribution, and the erasure or destruction of personal information. In order to ensure compliance, the association must have, or ensure that its provider has, a POPIA manual, as well as privacy policy, dealing with issues such as closed-circuit television (CCTV), and/or surveillance cameras, and access control systems, such as scanning of licences or biometric information. The privacy policy will explain the lifecycle of the personal information collected, used, stored, shared, maintained and destroyed.

Personal information must be destroyed after a visitor leaves the scheme

When it comes to visitors to a scheme, the personal information collected should be destroyed after the visitor leaves the scheme, whereas for full-time use of biometric information, for example, this is stored by the scheme or provider for the purpose of biometric access to the scheme by members and residents, and other persons granted rights of access for longer or more frequent periods of time than visitors. This personal information is protected by the POPIA, and cannot be shared, and must be retained for so long as the member is a member of the association, and the resident is in occupation, and then destroyed.

Think about this the next time you leave the house to visit a friend living in a complex, to make sure you’re not left out in the cold, or need to enter the pedestrian access, noting that the association cannot prevent you from entering, as a pedestrian, provided you have a lawful reason for being there, and you adhere to other access control measures for security purposes.