Leading property management company Trafalgar and top law firm Michalsons have joined forces to launch a compliance “toolkit” that will assist community housing schemes (CHS) to prepare for the implementation of the Protection of Personal Information Act (POPIA) before the 1 July deadline.
“This toolkit contains a set of templates and documents that will guide the trustees of sectional title schemes and the directors of homeowners’ associations through many of the steps they need to take to get ready for POPIA and will require minimal customization for specific schemes,” says Trafalgar MD Andrew Schaefer.
“Our aim is to enable CHS to quickly put an effective POPIA plan into action at minimal cost.”
He says there are many aspects to POPIA and that many CHS do not even have the basic elements in place yet to achieve compliance. “For example, every scheme needs to appoint an Information Officer – preferably a trustee or director – who will be responsible for all the personal information that is collected by that scheme, and by any companies that provide services to the scheme such as managing agents or security, cleaning and insurance companies.
“This Information Officer should also be familiar with the provisions of the Promotion of Access to Information Act (PAIA) and must be registered with the Information Regulator before 1 July.”
Sicelo Kula of Michalsons notes that although POPIA does not provide for the role of the Information Officer to be delegated to a managing agent such as Trafalgar, the CHS can delegate the responsibilities that come with the role, and that a template for doing this is one of the items included in the toolkit.
“Meanwhile, CHS trustees and directors also need to make all their owners, employees and service providers aware of the provisions of POPIA, as well as the fact that this legislation does have quite wide-ranging implications for them all. They also need to communicate their plans to achieve compliance and any new measures they may be putting in place, and Trafalgar is already running a series of webinars to assist with this information dissemination.”
It is important to remember, Schaefer says, that POPIA does not forbid the collection of personal information, but rather stipulates, for example, that every person whose information is requested is entitled to be informed how that information will be used and how it will be secured to prevent it from being used for any other purpose. “Most CHS will probably already have the names, addresses, telephone numbers and email addresses of all owners on record, for example, and those owners are entitled not only to know that this information is being held, but also to be guaranteed that it is being securely held and will not be used or sold for any other purpose than that originally intended.
“And the same goes for any personal information that is collected to maintain security in CHS, whether it is in analogue form such as names and car registration numbers written into a paper register at the gate, or in digital form such as fingerprints on a biometric scanner or footage captured on a CCTV system.
“However, this information is usually gathered by third-party service providers, and one of the requirements of POPIA is that the scheme must now have a contract with each of these service providers that clearly stipulates what personal information it may collect, where and how that data must be stored and secured, and when it must either be destroyed or returned to the CHS. The toolkit also contains a template for this type of contract.”