The Protection of Personal Information Act (POPIA), also referred to as the POPI Act, was created to safeguard people's personal information from being misused by third parties who may have access to it.
The guiding principle should be that anyone with access to information that materially affects their interests has a right to have that information provided to them. This may include having personal information about another scheme resident reasonably provided to them by a "responsible party" like the Managing Agent who is in possession of that information.
People have the right to have their personal information handled properly and in line with POPI, as well as the right to object to the processing of their information if they have good reason to believe it will harm them or others.
This means that a community scheme must make sure that the personal information of owners, tenants, and visitors provided to the scheme is only processed for specific and legitimate reasons that are related to their particular functions or activities (for example, schemes that scan the visitor's personal information on their driver's license for access control or that require the writing down of information in a visitor's log).
Plans must also guarantee that the individual providing the personal information is fully aware of the reason for which these particulars are needed, that the information is only kept or stored for as long as is necessary, in a secure environment, and that it is deleted when it is no longer needed.
The Act will also apply to the information kept by trustees of a Body Corporate and other community initiatives, even while compliance with the law is required of all businesses, including Home-Owner Associations.
Personal information of owners and inhabitants that is kept by managing agents and estate managers will be subject to the POPI Act, particularly information that is not in the public domain.
According to various provisions in the Sectional Titles Schemes Management the CSOS Act, bodies corporate, trustees, and any appointed managing agent all have the responsibility to process owner's personal information, making them the "responsible party" and the owners, tenants, employees, contractors, etc. to whom the personal information will relate, the "data subject."
The community scheme executives, as well as any of their agents who have access to this data, are responsible for ensuring that the personal data collected is true and correct to the extent required by law, and that it is updated as needed. It cannot be utilized for any other reason.
Upon request, a community scheme participant should be made aware of where and why their personal information is stored, as well as given the chance to review it and make any necessary changes.
Owners and other parties have a reasonable right to the information provided in the Prescribed Management Rules, according to the Sectional Titles Schemes Management Act.
The STSM Act, other laws, and particularly the function of trustees and managing agents in carrying out their responsibilities must all be taken into consideration when reading the POPIA.
The trustees are in charge of carrying out the obligations of the body corporate, including management of the scheme as a whole. They also have the authority to take any action required to uphold the regulations.
If the primary goal is to help the trustees, residents, and owners perform their duties to the scheme and to other residents, then disclosing an owner's contact information may be necessary.
Accordingly, legislation in the STSMA and the STSMA REGULATIONS that permits trustees to provide contact details to owners upon request may, in a given circumstance, supersede any associated violation of an owner's or resident's "right to privacy" if it is deemed reasonable, justifiable, and necessary for pursuing a "legitimate interest" that for a community involves a common good. The POPIA requires that the information shared be adequate, relevant, and not excessive.