Can a body corporate reveal the criminal record of an employee to owners?

Can the body corporate of a section title reveal to owners that an employee has a criminal record for a serious crime? This is a question we receive more often than would be expected from body corporates. So, what is the answer, can they, or can’t they reveal this information?

With the South African crime rate being of concern to all South Africans, many citizens choose to live in sectional title schemes where security is often given a high priority. But what if the threat lies within the walls of the scheme?

For this reason, many body corporates have started to undertake background and criminal checks on employees working in a sectional title scheme, including domestic workers, cleaners, maintenance workers, security guards etc. as an added layer of security. But what happens if these checks show that an employee or worker has a criminal record, potentially even for a serious crime? Can this information be shared with owners in the scheme?

Sectional Titles Schemes Management Act (STSMA)
A body corporate is a creature of statute which means that it is created by the Sectional Titles Schemes Management Act (STSMA) and can only act within the rights and responsibilities provided for by the STSMA. A body corporate can therefore not take over the functions of the South African Police Services or other enforcement agency as these duties are not provided to the body corporate by the STSMA.

That said, the STSMA provides that one of the main functions of the body corporate is to control, manage and administer the common property for the benefit of all owners. Under this authority the body corporate therefore has the authority to institute criminal checks as it will be for the benefit of all owners in the scheme to ensure that this employee screening is done as a further layer of security.

Protection of Personal Information Act (POPIA)
The body corporate must comply with the provisions of the Protection of Personal Information Act (POPIA), which regulates how to handle the personal information of an individual. Personal information may only be ‘processed’ if it is adequate, relevant, not excessive and related to the purpose for which it is processed. Personal information may also not be processed without the necessary consent of the individual whose information is to be processed. It must be noted that records of such personal information may not be retained for longer than necessary for the purpose for which it was obtained by the entity processing the information and the latter must have the necessary security measures in place to keep the personal information safe.

A person’s criminal record is in terms of POPIA seen as special information, which enjoys greater protection by POPIA. A distinction must however be made between information that refers to criminal behavior and information that refers to criminal history. Criminal behavior refers to the information of a person who has only been accused of a criminal act, but not yet convicted by a competent court. This falls under the definition of special personal information and in terms of POPIA may not be processed without the consent of the person whose information it is. Criminal history on the other hand refers to information of an individual who has already been convicted in a competent court and therefore such information becomes public knowledge and falls within the definition of personal information and may be processed as such in terms of POPIA.

Right to privacy
Besides POPIA, a body corporate must also consider that all individuals in South Africa have a right to privacy, which must be respected. This is not an absolute right, and the Constitution, makes provision for the balancing of rights. In the case of a sectional title scheme the employee’s right to privacy will need to be weighed against the owner’s right to security and a safe environment to therefore establish whether a criminal record may be disclosed or not.

Labour law
Additionally, there is always also the labour law angle to be considered regarding the right to conduct employee screenings and criminal checks as well as disclosing the results of such screening and/or acting on such results in respect of employees.

What all of this means is that a body corporate cannot just conduct criminal checks on employees or disclose the result thereof to owners in the scheme, but would need to ensure that the necessary labour and privacy aspects are addressed first and then also that the privacy and POPIA aspects are taken into account when considering any processing of the personal information of any employee, which includes the sharing of such information with others. It would therefore be prudent to consult your attorney to assist in aligning all of these legal aspects before any screening and or disclosures are made by a body corporate.

Disclaimer: This article is the personal opinion/view of the author(s) and is not necessarily that of the firm. The content is provided for information only and should not be seen as an exact or complete exposition of the law. Accordingly, no reliance should be placed on the content for any reason whatsoever and no action should be taken on the basis thereof unless its application and accuracy have been confirmed by a legal advisor. The firm and author(s) cannot be held liable for any prejudice or damage resulting from action taken on the basis of this content without further written confirmation by the author(s).

June 13, 2023
International: Privacy by Design – prioritizing security in business

International: Privacy by Design – prioritizing security in business

In today’s current digital space, safeguarding privacy and ensuring that your business is compliant with the various cyber laws and data privacy regulations is crucial to ensure that business operations are well protected. In this article, PR de Wet and Mishka Cassim, from VDT Attorneys Inc., seek to address some of the most important issues companies face and need to consider on a global scale when addressing privacy concerns.

South Africa: POPIA and prior authorisation to process personal information

South Africa: POPIA and prior authorisation to process personal information

The Protection of Personal Information Act, 2013 (Act 4 of 2013) (‘POPIA’) requires a responsible party to apply for and obtain authorisation prior to processing certain identified categories of personal information. With POPIA compliance deadlines fast approaching PR de Wet and Hayley Levey, from VDT Attorneys Inc, analyse the POPIA prior authorisation regime.

Sign up to our newsletter

Pin It on Pinterest