The POPI Act has sent everyone in a bit of a tizzy. Do I have to comply? Does my company comply? Do I have to email our client/newsletter list? Do I have to delete all my data? These questions shouldn’t be new, though, as the Act has been around for quite some time. Now, companies can just receive a rather hefty fine of up to R10 million and be blacklisted. It is this reality that seems to have suddenly hit home.
The thing is, everyone has to comply, and you have to double-check that your company does. You can do this by sending emails to your client/newsletter lists, but it doesn’t mean you will have to delete all your data. There are some industries and some transactions that deal with a lot more personal data than others. In these industries, professionals have to cross their t’s and dot their I’s. The Real Estate industry is definitely one such example.
The POPI Act
By now, we all know that the POPI Act has been put in place to protect consumer’s personal data. A company has to responsibly collect, process, store, and share personal information or face the risk of paying civil damages or being sued. There are exclusions and exemptions to the Act. If data has been de-identified to the point that it cannot be re-identified, and if the data is connected to terrorists and related activities, it is excluded from the Act. If the public interest outweighs the privacy of the individual or if the processing of data involves a clear benefit to the Data Subject or Third Party, it is exempt from the ACT.
What about Property Transfers?
Whenever you buy or sell a property, there is a lot of personal information that needs to be provided by the buyer and seller and shared between interested parties, from the real estate agent to the bank to the attorney(s) involved. The real estate industry and the law firms that form part of it were already heavily regulated long before the POPI Act came into force. This means that the data disclosed to interested parties is also already regulated. What the POPI Act had done, however, is create another layer of protection for the consumer and a clear avenue of recourse should their information not be processed responsibly. It also brought South Africa more on par with the same type of privacy laws already in effect in other countries worldwide.
The disclosure of information when a property transfer takes place will still happen; it has to. Private information about the buyer and seller still needs to be shared amongst stakeholders in the transaction. The focus now is on how stakeholders will do so responsibly. This includes receiving explicit consent from the buyer and seller that the necessary information may be shared. That information has to be stored securely and only shared among stakeholders.
Luckily, this type of data security has already been in place at reputable mortgage originators, estate agents, insurers, and attorneys. Their responsibility now is to ensure that all individuals that have to work with the data are fully aware of the seriousness of keeping it secure and that individuals can be personally liable if they compromise it.
Consumers also need to act responsibly when they are asked to share their own personal information. Make sure you are working with reputable companies. You can even go as far as to ask how they are ensuring that your data is safe and how they are staying POPIA compliant.
AED Attorneys understand how precious your personal information is. We do not disclose any of your information unless it is done with your consent and for the specific purpose of transferring a property that you are either the buyer or seller of. AED Attorneys understands that every situation is unique, and although they strive to ensure that the information contained herein is accurate at the time of publishing, it cannot be guaranteed to be without errors or omissions. As a result, AED Attorneys, its employees, independent contractors, associates or third parties will under no circumstances accept liability or be held liable for any innocent or negligent actions or omissions in this article, which may result in any harm or liability flowing from the use of or the inability to use the information provided.