The Personal Information Protection Bill

Data Protection a big deal for businesses

ID-10085325.jpg

The objective of the Protection of Personal Information Bill (POPI) will be a comprehensive protection of information relating to personal detail of an individual.

At present, South Africa does not have comprehensive privacy or data protection legislation. Some aspects are covered in various other statutes which are consumer protective such as the Consumer Protection Act, the National Credit Act and the Electronic Communications and Transactions Act.

In a move to give effect to the right to privacy which is entrenched in South Africa's constitution and in order to align South Africa with many other international jurisdictions that have privacy or data protection legislation in place, the Government introduced the Protection of Personal Information Bill in 2009 (POPI).

POPI has been in the pipelines for a number of years and with its draft stage having reached finality, it is anticipated to be passed by the end of this year. The objective of POPI will be a comprehensive protection of information relating to personal detail of an individual.

In POPI, personal information is defined as covering a very wide range of data pertaining to individuals and juristic persons. Furthermore, POPI differentiates between different types of personal information and the sensitivity thereof. The more sensitive information is defined as special information, which is information that relates to religious beliefs, health data, trade union membership, political persuasion or criminal behaviour of a data subject, and such information requires greater protection under the law.

The new law is intended to cover any person or entity that collects, uses or stores, (in any manner whatsoever) personal information and will therefore involve the majority of organisations conducting various types of businesses having to assess how they handle personal information.

POPI provides rights for individuals to:

  • know the reasons that their information is collected;
  • know the purposes for which it will be used;
  • have the right to object, on reasonable grounds, to use of their information; and
  • enquire whether an organisation holds information about the individual, view and correct that information, and ask that it be deleted.

POPI also requires organisations to only collect and use the minimum information necessary to accomplish their objectives, to maintain such information accurately, to safeguard personal information, and to delete or destroy information when it is no longer needed. Notably, organisations will be required to notify the individual(s) and the new Information Regulator (once appointed) of any compromises to their personal information, including loss, theft, unauthorised access or disclosure, hacking incidents, and so on.

From a practical point of view almost all businesses will need to:

  • ensure that standard terms and conditions cover the authority to use any information submitted to the organisation for purposes which such organisation requires to use that information;
  • be careful how the information is used and to whom the information is disclosed; and 
  •  devise proper secure storage of data.

Comprehensive data handling strategies, processes and procedures as well as systems will need to be devised and implemented in order to comply with the legislation.

POPI was passed by the National Assembly in August 2013, and is awaiting the President's assent.  Once POPI becomes law, it will place a notable onus on businesses that process any personal data in respect of any person. Failure to comply will in all probability result in an administrative fine of no less than R10 million for non-compliance, while offences may also result in criminal charges or lengthy prison sentences.   

 

comments powered by Disqus

RW1
R1
R1
R1

This edition

Issue 73
Current


Archive


BBQ_Magazine_SA The link between learning agility and team performance https://t.co/l7fYDeh2HC https://t.co/VMd38agKoi 18 days - reply - retweet - favorite

BBQ_Magazine_SA The Big Time Strategic Group BBQ Awards will be hosted at Emperors Palace, on the 20 October 2017. Read moreā€¦ https://t.co/oCSEzHnxQW 2 months - reply - retweet - favorite

BBQ_Magazine_SA Opportunities ripe for female entrepreneurs to shatter glass ceiling https://t.co/TkziEkG2Za https://t.co/WNas3E16k3 2 months - reply - retweet - favorite

  • Mapulah Mabe
  • Nwaii Stephanie
  • Lukholo Dingiso
  • PreciousMthembu Felicia