Cape Town - Security companies should implement zero visibility technology and
policies so only senior personnel can
gain access to captured personal particulars.
This comes after alarms were raised by the Justice Project SA (JPSA) over the sharing of personal information at private estates or gated communities.
Speaking to the Weekend Argus, Lee Marcus from Robyn Hey Attorneys suggested that only in emergencies or justifiable legal circumstances should personal info be accessed.
“Visitors should be assured that their details will be deleted after a reasonably short period. The property owners will want this period to be longer, to help them trace and deal with offenders, damage and crime, for example.
“Individuals will inevitably prefer their details deleted without any delay. These are competing interests - both entirely valid - so a balance will have to be struck,” said Marcus.
JPSA chairperson Howard Dembovsky said their concern began when a vehicle registration was cloned several times after the owner willingly shared details with guards at a private estate.
“This is more common than we think it is. The Protection of Information Act is very specific. You have to destroy the information when it is no longer required. There is no one to make sure that information is destroyed.”
People are often asked to sign in a book and provide their full names, contact number, and registration number when they try to gain entry to a private estate.
Now with the advancement of technology vehicle licence disks are scanned onto a system, as well as an ID or driving licence.
Marcus said if the complex or estate was private property, then visitors cannot legally claim access as a right.
“They are granted access on the basis of a mini-contract: ‘If you are prepared to give us your details, we will let you access our property’.
“For obvious reasons, this requirement is making more and more South Africans uncomfortable. However, because of this contractual nature, it is probably not in itself going to be considered unlawful.”
He said the root cause of the concern was not the fact that personal information was requested.
“The problem is not knowing what might be done with that information. Is it secure? How is it stored, and for how long? Will it be shared?
“Can it be hacked and misused? It is in the answers to these questions that one is more likely to find unlawful behaviour that exposes people to risk.”
Southern African Fraud Prevention Service executive director Manie van Schalkwyk said he had become wary when signing in.
“I feel 100% uncomfortable sharing this information. When signing in people do not know where that information goes to, what is done with it if it is encrypted, who has access to it, how secure it is, can it be distributed or hacked,” said Van Schalkwyk.
Chad Thomas, chief executive at IRS Forensic Investigations, told Weekend Argus that he, too, felt uneasy when asked to produce his information.
He explained that the same method used to clone a card could be used to commit identity theft.
“Private estates have the right to ask for identification when people enter their premises.”
Marcus advises complexes and estates to insist that their security providers provide proof of their security protocols that protect personal information disclosed by their visitors.
“They should not turn a blind eye and leave this in the hands of their security companies. In the event of breach, fraud, identity theft, etc private estates and complexes may be held liable for their role in insisting on disclosure without reasonably adequate protection,” said Marcus.
In April, the Supreme Court of Appeal (SCA) found that private estates were entitled to establish and enforce their own traffic rules.