Please note that you are using an outdated browser which is not compatible with some elements of the site. We strongly urge you to update to Edge for an optimal browsing experience.
Property for sale: Houses for sale: Property24
List Privately
  • Home
  • >
  • News
  • >
  • Industry
  • >
  • Is it legal to scan and collect data from driver’s licences under the POPI Act?

Is it legal to scan and collect data from driver’s licences under the POPI Act?

24 Mar 2021

The Protection of Information Act (POPIA) will commence on 1 July 2021. As organisations nationwide hurry to meet compliance regulations, access control practices - such as driver’s licence scanning - are thrown into question.

 
 
Ariel Flax of ATG Digital answers frequently asked questions regarding data collection regulations at physical access points.
 
Is it legal to scan and collect data from driver’s licences under the POPI Act?
 
Provided the data is processed following POPIA regulations, yes. The POPI Act doesn’t stop an organisation from collecting personal information but rather concerns itself with the “why” and “how” such information is processed. Processed refers to the collection, receipt, recording, organising, retrieval or use of the data.
 
Compliance relies on the responsible party (the organisation that collects and controls what happens to the data) meeting the conditions of the Act. Therefore, processing driver’s licence data is legal, provided that it is done in a compliant manner.
 
What are the conditions, and how do they apply to access control data collection?
 
In essence, the responsible party must:
  • Only collect information that is necessary for a specific purpose. In this case, security.
    Apply reasonable security measures to protect it.
    Ensure that information on the scanning devices and any end-points to which the data is transferred are secure. Create a procedure that outlines what to do in the event of a breach.
  • Ensure it is relevant and up to date. Digitally capturing data directly from a driver’s license or ID book ensures accuracy. Handwritten visitor books are unreliable.
  • Only hold as much as you need, and only for as long as you need it.
  • Allow the subject (the person whose information it is) to see what you’re holding about them upon request.

 

Does this mean that digitised licence scanning can help with compliance?

Yes, but remember, not all scanning solutions are the same. You want a system that will:

  • Encrypt the information captured on the scanning device and immediately uploaded it to a secure storage platform so that the data does not remain on the device.
  • The cloud (or local server to which the data is sent) is secure and compliant with local and international data privacy standards.
  • Limit access to the information to authorised personal only via two-factor authentication.

 

For POPIA compliance purposes, all such authorised personnel should be POPI trained and sign an NDA.

SEE | Security vs Privacy | Can residential estates scan your drivers’ licence?

Which is more secure, the cloud or local storage?

This question comes up often. There’s a misconception about the cloud, mainly because - again - not all platforms are equal. You would need to investigate the solution that your security provider is using. Is their cloud just their own local data centre? Do they have adequate redundancy, disaster recovery protocols, IPS and IDS in place?

ATG Digital, for example, uses Google Cloud Services, a platform selected for its world-renowned security systems and compliance with international privacy legislation.

What if a visitor refuses to have their information scanned?

Like any piece of legislation, POPIA co-exists with other laws and regulations. It does not necessarily supersede your other compliance obligations - nor does it suspend your rights.

You can still reserve your right of admission. Suppose it is mandatory to collect specific personal details to grant access, and a visitor upholds their right of refusal. In that case, you can uphold your right not to permit entry.

That’s one example of many possible solutions. If refusing entry is not an option (for practical or legal reasons), there are alternative solutions depending on the application.

"We find that visitors will most often refuse to share their data if they are not furnished with a privacy notice. A document that outlines what you’re collecting, why and how it will be processed, how long it is stored and the data subject’s right to view what you have on record in the future on request," says Flax.

"Peace of mind that you are handling private information responsibly goes a long way."

Want all the latest property news and curated hot property listings sent directly to your inbox? Register for Property24’s Hot Properties, Lifestyle and Weekly Property Trends newsletters or follow us on TwitterInstagram or Facebook.

Print Print
Top Articles
Torn between two homes? Follow these tips to help you make a choice
Purchasing a home is more than just a financial investment and the key to making the right choice is to step back, evaluate your priorities and compare the homes beyond their surface appeal
Embrace the Best of Family Living in Salt Rock City on the North Coast
Salt Rock City offers the perfect blend of prime coastal living and practical everyday conveniences. With land and freestanding homes available at accessible prices, it’s an ideal location for families seeking comfort, security, and a thriving community atmosphere.
Property market forecast: Trends to watch in 2025
Whether you’re buying, renting, or investing, preparation and adaptability will be the keys to success.
More property articles...

Latest properties for sale in South Africa

Property for sale in Gauteng
Property for sale in Western Cape
Property for sale in KwaZulu Natal
Rest of South Africa
Copyright © 2025 Property24
Download the App
Loading