Add Business Report as a preferred source on Google
Follow Business Report on Google News
Business Report

Proposed privacy regulations: What you need to know before giving your ID at gated estates

Staff Reporter|Published

The Information Regulator said the proposed code followed complaints from members of the public about intrusive security and visitor management practices at gated access points.

Image: ChatGPT

If you’ve ever been asked to hand over your ID, fingerprint, licence disc details or phone number just to enter a gated estate or office park, new proposed privacy rules could soon limit what security guards and estates are allowed to demand.

The Information Regulator has published draft new rules aimed at tightening how gated estates, complexes, office parks and other controlled-access sites collect and store personal information under the Protection of Personal Information Act (POPIA).

The regulator says many gated communities and access-controlled sites may currently be collecting far more information than is reasonably necessary for security purposes.

"The Regulator undertook research into the utilisation of closed-circuit cameras(CCTV) surveillance and in addition considered complaints received in this regard, which collectively revealed certain access control practices of an intrusive nature, including the processing of biometric information such as the use of facial recognition systems for the purpose of positive identification of data subjects," the gazette says.

Personal details

Under the proposed code, estates and complexes may no longer be able to routinely demand multiple forms of personal information from visitors where less intrusive options are available.

That could affect the common practice of asking visitors for:

  • identity numbers;
  • driver’s licences;
  • fingerprints;
  • photographs;
  • vehicle registration details;
  • and contact numbers simply to enter a property.

The regulator specifically warns that collecting several categories of personal information for basic access control could be excessive under POPIA.

Instead, the proposed rules encourage alternatives such as:

  • temporary visitor permits;
  • access codes;
  • resident confirmation systems;
  • or checking an ID without recording all the details.

The draft rules also target the growing use of biometric systems and facial recognition technology at estates and office parks.

Fingerprints and facial recognition data are classified as “special personal information” under POPIA, meaning stricter safeguards would apply to how they are collected, stored and used.

No implied consent

Another significant change is that estates may no longer be able to assume you have consented to the use of your personal information simply because you signed a visitor register.

Under the draft code, estates and other access-controlled sites would need to clearly tell visitors:

  • why their information is being collected;
  • how long it will be stored;
  • who can access it;
  • and when it will be deleted.

The proposed rules would apply broadly across:

  • gated estates;
  • sectional title complexes;
  • office parks;
  • shopping centres;
  • schools;
  • hospitals;
  • and government buildings using controlled access systems.

The Information Regulator said the proposed code followed complaints from members of the public about intrusive security and visitor management practices at gated access points.

The draft code has been published in the Government Gazette for public comment.

IOL BUSINESS

Get your news on the go. Download the latest IOL App for Android and IOS now.