https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Business|Financial|Flow|Health|Flow
Business|Financial|Flow|Health|Flow
business|financial|flow-company|health|flow-industry-term
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

POPIA – what does it mean for you and your business?


Close

Embed Video

POPIA – what does it mean for you and your business?

POPIA – what does it mean for you and your business?

5th June 2018

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

The Protection of Personal Information Act 4 of 2013 (“POPIA” or the “Act”) regulates the right of privacy in a specific context of data protection. It does not cover other aspects of privacy, like the privacy of communications.

The purpose of the Act is to:

Advertisement

“… give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations that are aimed at—

            (a)

Advertisement

(i) balancing the right to privacy against other rights, particularly the right of access to information;

(ii) protecting important interests, including the free flow of information within the Republic and across international borders;

(b) regulate the manner in which personal information may be processed, by establishing principles, in harmony with international standards, that prescribe the minimum threshold requirements for lawful processing of personal information;

(c) provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act; and

(d) establish voluntary and compulsory measures, including an Information Protection Regulator, to ensure respect for and to promote, enforce and fulfil the rights protected by this Act…”

Thus, POPIA sets conditions for how one can process the private information of persons that is in their possession. 

Personal information is defined in the Act as:

“…means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

(b) information relating to the education or the medical, financial, criminal or employment history of the person;

(c) any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;

(d) the blood type or any other biometric information of the person;

(e) the personal opinions, views or preferences of the person;

(f)  correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

(g) the views or opinions of another individual about the person; and

(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;….”

POPIA requires responsible parties to be open about their processing and allow the data subject to participate in how their personal information gets processed.

Consumers have various remedies, like complaining to the Information Regulator and suing for damages in a civil action. In order for the latter, damages will depend on a case by case basis.

Over and above your and your business’s obligations, Consumers should:

  • Only give personal information to companies they trust;
  • Put their name on the “Do Not Contact” register (in terms of the CPA);
  • Read Privacy Policies;
  • Ask organisations to tell them what personal information they have and ask for it to be deleted;
  • Unsubscribe from newsletters;
  • Complain to the organisation itself first;

In terms of the Consumer Protection Act 68 of 2008 (the “CPA”) as amended anyone can currently email marketing on an opt-out basis. In terms of POPIA, email marketing can only occur on an opt-in basis.

What could happen to you or your business if you do not comply?

  • Suffer reputational damage;
  • Pay out millions in damages to a civil action; and
  • Be fined up to R10 million or face 10 years in jail.

Conclusion

We recommend that businesses revise their policies and ensure that they align all facets of their businesses. Contact SchoemanLaw today.

Submitted by Schoeman Law

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za