CSOS POPI Act Practice Directive
By Auren Freitas Dos Santos: The Advisory
On 10 November 2022 the Community Schemes Ombud Service (CSOS) issued a practice directive to provide guidance on the protection of personal information and access to personal information concerning the administration of a community scheme.
The objective of the practice directive is to ensure that personal information of the members and/or residents of units or homes in the Scheme is collected, stored, and managed responsibly. This article will summarise the key points of the practice directive.
A copy of the full directive can be found on our website by following this link.
The practice directive applies to all community schemes as defined in section 1 of the CSOS Act. The directive’s purpose is to protect scheme members and/or residents’ personal information and ensure that every member and/or resident of a scheme is entitled to receive certain information concerning the scheme’s administration.
The Protection of Personal Information Act (POPIA) sets out the requirements for lawful processing of personal information. Section 11 of POPIA allows a scheme to process personal information of the members and/or residents as long as it is about the governance of the scheme.
In the context of community schemes, a member of a scheme is deemed to have consented to his or her personal information being stored and/or shared with the relevant parties by the Board of Trustees or any governance structure of a scheme for the purposes of managing the affairs of the scheme. However, the processing of information must only be limited to the management of the scheme, such as the collection of levies, compliance with scheme rules, maintenance, and security of the scheme.
Each scheme must develop its own POPIA manual to be adopted by the Body Corporate at an annual or Special General Meeting, setting out conditions for accessing and dissemination of information. The manual must be developed within six months of the coming into effect of the directive, i.e. by no later than 11 May 2023.
It is mandatory for each Scheme to designate an Information Officer responsible for ensuring the secure processing of Personal Information of members, residents, and third parties. The Information Officer may be a member of the executive committee, such as a Trustee, Director, Managing Agent, or Property Administrator, and must register with the Information Regulator. Members and residents are required to inform the Information Officer if any of their Personal Information needs updating, amending, or deleting.
In conclusion, the CSOS practice directive provides essential guidance to scheme executives, managing agents, and unit-owners on the protection of personal information and access to personal information relating to the administration of a community scheme. Adherence to the guidelines set out in the directive will ensure the responsible and lawful processing of personal information and protect the rights of owners or residents not to have their personal information abused or compromised.
Sorry, the comment form is closed at this time.