What kind of information protection can you expect in your body corporate?

With the Protection of Personal Information Act (POPIA) recently promulgated many individuals are asking if their personal information is being shared with third parties against their will and if their information is being kept secure by those who have their information.

Owners of sectional title properties should be asking the same questions of their scheme’s managing agents and trustees – whether their information is being kept securely and being processed responsibly.

In this blog post, we have a look at what owners can expect of third-party organisations who hold their personal information and what it can be used for.

POPIA: What does this mean?

The POPIA is based on eight principles; these are:

  1. Accountability – organisations must assign responsibility to ensure compliance with the Act.
  2. Processing Limitation – information must be processed lawfully and not for malicious reasons.
  3. Purpose Specification – this determines the scope with which information must be processed by an organisation.
  4. Further Processing Limitation – information must only be processed based on the permission given to them.
  5. Information Quality – organisations must ensure that the quality of the information is maintained.
  6. Openness – information must be processed in a fair and transparent manner by the organisation.
  7. Security Safeguards – information must be kept safe and secure, and free of any risk of unauthorised disclosure and destruction.
  8. Data Subject Participation – individuals are empowered to demand that incorrect, outdated, or misleading information about them are corrected or deleted.

In short, the POPI Act determines how the personal information must be stored and shared by third-party organisations, while empowering individuals to have more say over how and when their personal information is shared.

Information held by your scheme

A body corporate is a collective of owners that contribute to the financial and management affairs of the scheme. Each owner`s details is held by the scheme’s managing agent, who – together with the trustees – are the people who work with the information most often.

The managing agent will use the information to communicate with the owners on basic scheme management issues such as levy statements, reminders and circulating essential information to all owners. The trustees typically make use of the information when reviewing debtor reports or when they need to contact owners directly to address any issues they may have.

For that reason, it is important that the managing agent has policies and procedures in place that comply with the Act and protect the information of the owners.

They may only use the information for the purpose for which they are mandated. That means the managing agent or trustees will be in contravention of the Act if they provide the names and contact numbers to estate agents who then contact the owners to find out if they want to sell their units.

This does not mean that certain information may not be provided when required. One example is when a list of owners that are in arrears with their levies are published in the annual financial statements of the scheme.

WhatsApp groups and group emails

This form of bulk communication is popular because it is an easy, convenient and quick way to communicate with a group of people. Neither are mandatory and anybody can remove themselves from the groups at any time.

When it comes to these types of communication platforms, it is important that the organiser ask the participants if they want to participate in the groups and if their information (telephone or email address) can be shared with the rest of the group.

The use of WhatsApp groups is intended to provide immediate information and urgent notifications to the participants on the group. It should never be used as an official communication tool for issues related to the scheme. Group emails with relevant subject lines and topics are better suited for official communication purposes.


Bodies corporate are the custodians of the owners’ personal information; therefore, it is the responsibility of the scheme managers and trustees to ensure that the information is stored safely and used responsibly.

There are exceptions where information may be shared without considering any privacy restrictions. This includes the scheme’s financial information being shared with owners who require it for the purpose of selling their unit, or when a list of defaulting owners is published in the financials.

It is important that those responsible for managing other people’s personal information consider the principles of the POPI Act or have the written permission before they share any such information.