Residential estates: New changes to code of conduct & visitor data collection
Here is what every homeowner and body corporate needs to know before the rules take effect.
Residential estates across South Africa are facing major changes to how they handle your personal information at the gate.
Many people even try to avoid giving their information upon entry and use a go-to fake phone number instead.
South Africa's Information Regulator is finalising a code of conduct that applies to any entity with security teams controlling entry or exit points, and hopes to have the new codes in place sooner rather than later.
This code of conduct will fundamentally change how residential estates, gated communities, and complexes collect and manage visitor data.
MyBroadband reports that the code, published in a government gazette in 2023, sets out what personal information gate guards and surveillance systems can legally collect from visitors, and how that information must be handled.
This applies to:
- residential estates and sectional title schemes
- lifestyle estates
- gated communities
- bodies corporate
- homeowner associations
- commercial parks
- office parks
Gate guards will generally be permitted to ask for a visitor's name, surname, ID or passport number, mobile number, vehicle registration, and the time, date, gate, and host details.
That seems very similar to how it's always been, so what makes the new code of conduct any different?
The information above should only be collected if justified by the relevant risk profile.
Digital access control specialists ATG Digital describe the shift from collecting everything just in case to collecting only what is truly necessary as the core principle.
Under the Protection of Personal Information Act (POPIA), personal information must be relevant, not excessive, and used for a clearly defined purpose.
Information Regulator chair Advocate Pansy Tlakula has warned that scanning a driver's licence, for example, could expose a wide range of POPIA violations, given that it contains a person's name, home address and ID number.
What estates should avoid
Companies risk being investigated for:
- leaving visitor information books open
- leaving information accessible to unauthorised personnel
- copying ID books or licences without due cause
- collecting unnecessary details such as employment history or family information
All of these are serious red flags.
Visitors who record and report these instances could trigger charges for POPIA breaches, potentially resulting in fines or criminal prosecution.
The Information Regulator can issue administrative fines of up to R10-million.
In 2023, the Department of Justice received an R5-million fine following a ransomware attack and data breach.
Beyond fines, POPIA allows any visitor to bring a civil action for damages against a company for distress caused by the mishandling of their personal data, which represents a significant risk for bodies corporate and property owners.
Tune in to 'The Drive with Rob & Roz', on weekdays from 16:00 – 19:00. Stream the show live here or download our mobile app here.
Listen to Jacaranda FM:
- 94.2
- Jacaranda FM App
- http://jacarandafm.com
- DStv 858/ OpenView 602
Follow us on social media:
Image: iStock