ATG talks PoPIA and driver’s licence scanning

SMART Estate Security 2023 Residential Estate (Industry)

Whether or not we are obligated to share our personal information is an important question and one we should prioritise. Not because the PoPI Act (PoPIA) has been in the spotlight, but because it is in our interest to safeguard our personal information (PI). This PI includes everything from ID numbers and bank details to sexual orientation or political affiliation. It is the very blueprint of who we are.

Legislation such as PoPIA intends to safeguard this by holding organisations and individuals accountable for upholding its principles. However, organisations should not only comply with the law to avoid punishment; they should value privacy because it is the right thing to do.

ATG Digital’s priority is to ensure compliance with PoPIA, and it completed the first phase of its compliance process in 2019. However, it is constantly evolving and improving as the business grows.

The company offers the following advice to data subjects entering a private gated community or office park where they are asked for personal information.

Under the Act:

• 'Data Subject' are the people or entities to whom the PI belongs.

• The 'Responsible Party' is the organisation that determines what information they need to collect and why. An organisation may collect data provided it has adhered to the eight conditions for lawful processing.

• ATG is defined as an 'Operator'.

As an Operator, the company has made it a prerogative to learn how the legislation applies to itself and share this with clients, resellers and data subjects. Its position is that POPIA compliance is rooted in the points below, and ATG has applied them to its gate scanners. ATG encourages all data subjects to interrogate the responsible party and operator providing such services to ensure the same has been done.

Standard privacy requirements

Accountability: Every ATG client knows they are a Responsible Party (RP) and understands their obligations under the Act. ATG provides educational materials and hosts regular webinars to assist them in meeting the requirements for compliance.

Processing limitations: Information is scanned for the legitimate purpose of protecting private sites, which is both in the interest of the site owners/tenants and the data subjects themselves, for the safety and security of themselves and their property.

Purpose specification: Information is limited to that which is absolutely necessary for the operational requirements of each site; it is deleted as soon as reasonably possible following the RP’s requirements; and guards are empowered with lanyard cards and boards to assist in communicating to data subjects the reasons for the data being collected.

Further processing limitation: ATG does not share the data with any third parties and has safeguards to ensure this.

Information quality: Data is scanned directly from source documents to prevent errors in capturing, and the data subject is encouraged to engage with ATG if they believe any data it holds is incorrect.

Openness: The RP is provided with the necessary signage for their entrances to communicate to the data subject the reasons for capturing, who ATG is, and how they may contact the company.

Data subject participation: ATG has a comprehensive complaints policy and a dedicated email address to assist any data subject requiring additional information on POPIA policies or processes. However, as it is not the RP, it is not authorised to access or delete the information without the RP’s consent and involvement.

Security safeguards: The list of safeguards implemented is too extensive to list completely, but it includes the following:

• All employees are trained in information security; they are legally and contractually obligated to keep personal information confidential; only authorised persons can access such information.

• Staff only access backend data upon receiving a written request from an authorised representative of the responsible party, and no information is shared with anyone who is not on this authorised list.

• The ATG devices hold no data, so the security guards, other guests, site managers or criminals cannot access the data via the device. Once data is scanned, it is immediately encrypted and uploaded to secure cloud-based storage. ATG uses Google Cloud Services. This decision is based on the service levels provided by Google and its commitment to data security and international data protection legislation. Google Cloud Services holds multiple ISO certifications and is considered the ‘Gold Standard’ in secure cloud storage.

• Data can only be accessed via a secure platform using a password. ATG has a suite of information security policies implemented to ensure IT security is of the highest international standard. Regular penetration testing ensures this security is in place.

ATG has adopted the appropriate, reasonable, technical, and organisational measures expected for the industry in South Africa. It has implemented robust policies governing all areas of the business, including electronic and physical records, as well as the physical security of its premises.

For more information, contact ATG Digital, +27 10 500 8611, [email protected], www.atthegate.biz


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Securing access against unwanted visitors
Intelliguard Access Control & Identity Management Residential Estate (Industry) Products & Solutions
In today's residential estates and complexes, one of the biggest concerns is preventing unauthorised access, while ensuring a smooth and convenient experience for residents and approved visitors.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Suprema's BioEntry W3 integrates AI-powered facial authentication into a sleek design that prioritises security, privacy and user experience, and even allows users to store their facial templates on their mobiles instead of external devices.

Read more...
Effortless and secure visitor management
Secutel Technologies Access Control & Identity Management Residential Estate (Industry)
Secutel Ventures has introduced SecuVisit, an access control solution designed to simplify visitor management while enhancing security. With two innovative components onboard, SecuVisit ensures seamless visitor check-ins anytime, anywhere.

Read more...
Glovent’s SOS Suite triple protects estate residents
News & Events Access Control & Identity Management Residential Estate (Industry)
One hundred and fifty-three years since the world’s first panic button was introduced in New York City, Glovent offers estate residents three different ways of summoning emergency assistance at the touch of a button.

Read more...
Dahua launches 2-wire hybrid video intercom system
Dahua Technology South Africa Smart Home Automation Access Control & Identity Management Residential Estate (Industry)
Dahua Technology has launched a 2-Wire Hybrid Video Intercom System (the Dahua EACH Series) that redefines residential security and communication with its high image quality and easy deployment features.

Read more...
Integrations to protect what matters most
Residential Estate (Industry)
From Command Centre’s single platform, you can see everything happening across your network, physical and virtual servers, endpoints, and applications. With powerful analytics and reporting, you can quickly identify threats and trends before they become serious problems.

Read more...
Intrusion detection for wide areas
OPTEX Perimeter Security, Alarms & Intruder Detection Residential Estate (Industry)
Securing wide outdoor areas presents several challenges that differ significantly from those faced in smaller, more confined environments. The key to safeguarding these spaces is dependent on choosing the right intrusion detection technology.

Read more...
Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Read more...
Navigating the evolving tech landscape in 2024 and beyond
Residential Estate (Industry) Infrastructure
Progress in the fields of AI, VR and social media is to be expected, but what is not, is our fundamental relationship with how we deploy solutions in our business and how it integrates with greater organisational strategies and goals.

Read more...
New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Read more...