The POPI Act was first legislated in 2013. POPI stands for Protection of Personal Information. Its primary focus is to ensure the protection of personal information. Such personal information could include names, email addresses, phone numbers, ID numbers and even biometric information and passwords.
Certain POPI Act clauses were recently gazetted and became effective from 1 July 2020. In terms of which entities have a year to ensure compliance with the Act before penalties are issued for non-compliance.
By its very nature, estate agencies collect, store and share personal information. It is therefore imperative that agents follow a few simple steps to ensure compliance. It is recommended that this process be started as soon as possible. Begin with an audit of the information that is stored. Two simple questions need to be asked: what information is kept and for what purpose is it kept. Additionally was this information obtained from a third party and was consent obtained from the applicable person. When such an exercise is undertaken it will become apparent how over the years information is kept which may no longer be needed and the reason for keeping it is no longer valid. Old contracts and transactions do not need to be kept. Also investigate how information is stored and what measures are in place to safeguard such information.
All information that is no longer current or required should be discarded in a safe manner using for instance a POPI-compliant shredder.
Review all company contracts and documents particularly any service level agreements. Any personal information sent to third parties also needs to be protected and agreements need to be put in place to protect the personal information of clients.
Take responsibility for personal information and manage it in a responsible way. Consider implementing a privacy policy when it comes to collecting, storing and disseminating personal information. If in doubt rather discard the information because storing personal information comes with onerous consequences.
Do not keep information that is not needed, rather destroy it than be responsible for it.