POPIA's impact on the estate agent-property buyer relationship

Stephan Haynes from Gillan & Velhuizen Inc expands on why POPIA is very important for real estate players, and property buyers and sellers alike.

Real estate players

As a responsible party you must also be POPIA compliant. You are also encouraged to include compliancy clauses in your service agreements with third-party vendors and should review all such existing contracts to ensure compliance.

For an entity to become compliant with POPIA, the following issues need to be considered:

1. Educate executives on the “do’s and do not’s” of POPIA;
   
2. Arrange the appointment of an information officer;
   
3. Review and update your policies (privacy policy; data protection policy, personal information sharing policy, BYOD; password policy; document retention policy, etc.);
   
4. Review and update operations contracts;
   
5. Review and revise internal policies and practices.
   

Furthermore the Act states that personal information may only be processed if:

• “processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
  
• protects the legitimate interests of the data subject; processing complies with for the proper performance of a public law duty by a public body;
  
• for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied”.

Bottom line, adds Haynes, is that the days of routinely collecting and then storing personal information are over and responsible parties must conform to the practice of less is more by only collecting personal data for justified purposes.

Prospective buyers, sellers, tenants, landlords

Few prospective buyers are aware of their rights in terms of how personal information may be used; that they are entitled to the option to ‘opt-in’ and/or bar, in this instance the estate agency, from using your personal information.

It is worthwhile noting that personal information is a very broad term. POPIA lists some examples, which include demographic information, personal records, biometrics, personal opinions and identifying information. POPIA further distinguishes “special personal information” as comprising personal information pertaining to religious beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex or biometric information and criminal behaviour of the data subject.

“Most importantly, the processing of special personal information is prohibited without the consent of the data subject and may only be processed if the requirements for consent and justification have been met,” cautions Haynes. The collection of your personal information must be obtained directly from you unless the information contained is derived from a public record or has deliberately been made public by yourself. For this reason, Haynes warns data subjects to carefully consider the personal information you publish online as you may unwittingly be making your personal information ‘fair game’.