With the Protection of Personal Information Act (POPIA) in effect as of the 1st of July 2021, community housing schemes who have not yet appointed an official Information Officer need to do so urgently and to ensure that they are registered with the Information Regulator.
“This is the first step in the chain of POPIA compliance that trustees and directors of community housing schemes must follow” advises Andrew Schaefer, MD of property management company Trafalgar.
“It is also important for trustees and directors to note that it is currently not possible for schemes to simply appoint a managing agent as their Information Officer”.
Trafalgar and other managing agents are lobbying for the Information Regulator to reconsider this restriction, given the need for continuity in data protection and the rotational, part-time, unpaid, and volunteer nature of the trustee and director roles in community housing schemes.
“We are also already responsible for most of the personal information processing that most schemes need to do and, certainly in the case of Trafalgar, we already have stringent data security measures in place”.
Who can be elected as an Information Officer?
According to Sicelo Kula, an attorney at Michalsons who specializes in data protection, Section 55 of POPIA stipulates that the Information Officer of any organisation must be a person who serves in an executive capacity and when it comes to community housing schemes, this means that in most cases, the Information Officer will be one of the following who can also have a deputy if necessary:
- A Sectional Title trustee.
- A homeowners’ association director.
- A general manager or estate manager who is the most senior person in charge of the scheme’s operations.
- An executive managing agent who the owners in a Sectional Title scheme have appointed to take over the role of the trustees.
If a community housing scheme fails to appoint an Information Officer before the 1st of July 2021 deadline, he notes, the chairman of the trustees or board of directors will carry the responsibilities of the position by default.
What are the responsibilities of an Information Officer?
The key responsibility of the Information Officer is to assist the community housing scheme to comply with POPIA and give effect to the rights of individuals as outlined in the legislation.
The Information Officer will be held accountable for ensuring that the scheme puts all the necessary information protection policies, procedures, and agreements in place; for assessing and processing any requests for access to personal data that the scheme holds, and for informing the Information Regulator if there is a data breach.
These responsibilities cannot be delegated. However, community housing schemes are allowed to delegate the execution of the specific tasks that come with the Information Officer role – to their managing agents or other service providers such as auditors, insurers, and security companies.
This must be done formally, by means of a formal written agreement with each service provider that clearly sets out what personal information they may collect, where, and how that data may be stored and secured, and when it must either be destroyed or returned to the community housing scheme.
What qualifications does an Information Officer need?
The Information Officer does not need to be a legal or technology expert, Schaefer says. “However, he or she will need an understanding of the principles of data protection and the reasons that it is becoming increasingly important to secure private personal information”.
“Information Officers will also need good communication skills and, going forward, a willingness to learn about the development of new data gathering and protection methods.”
How to appoint and register an Information Officer
The appointment of an Information Officer for a community housing scheme can be done by means of a simple resolution taken by the trustees or directors, but it must be put into writing, in an appointment letter that sets out all the responsibilities of the position.
Once this appointment has been made, the Information Officer must be registered with the Information Regulator, and this can be done digitally on the website of the Information Regulator where there is an official guideline for Information Officers.