https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Embed Video

1

'Processing' personal information in terms of POPI

'Processing' personal information in terms of POPI

7th March 2014

SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

As more fully set out in our January 2014 website article,  the Protection of Personal Information Act or “POPI” (hereafter referred to as either “POPI” or the “Act”) regulates the manner in which personal information is collected, kept, treated and stored. These actions are collectively described as processing personal information. Thus, in order for businesses to comply with the provisions of the Act, personal information must be processed in terms thereof.

Businesses are in essence (and simply put) about people (including employees, stakeholders and owners), processes and systems. As such it is unarguably clear that all business (with only a few exceptions) will be impacted by this Act.

Advertisement

It is therefore of the utmost importance that businesses gain a clear understanding of the considerations involved before the effective date of the Act in November 2014.

The lawful processing of personal information

On the basis that the term personal information (“information”) is defined  widely in the Act and as such includes a person’s name (including a juristic person such as a company), contact details, religion, sexual orientation, personal views, private correspondence, health records, employment records, financial records, it is fundamentally important that a clear understanding of processing the information is reached.

Advertisement

Moreover, the ‘processing’’ of information is defined in section 1 of the Act as:

“any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
(a) The collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
(b) Dissemination by means of transmission, distribution or making available in
any other form; or
(c) Merging, linking, as well as blocking, degradation, erasure or destruction of
Information.”

Lawful processing - the limitations on processing information

In terms of chapter 3 – specifically principle 2 (“processing limitation“) thereof POPI sets certain limitations on processing information:

Broadly speaking, this centres on the balancing of the rights of privacy and lawful processing of information in terms of POPI.

The Act states inter alia that processing has to be done with the person’s consent, in a lawful and reasonable manner which does not infringe on the right to privacy. The right to privacy is a fundamental human right and is even protected by the Constitution in chapter 2 (bill of rights). 

Moreover, the right to privacy from a consumer’s perspective has also been acknowledged and as such is protected by the provisions related to consent for direct marketing or communications (Consumer Protection Act 68 of 2008 inter alia sections 11 and 12). Now POPI also regulates these aspects in relation to the collection and processing of information in a wider context.

Importantly, information must be collected from the person directly save where it could be collected from another party in terms of law (section 11 elaborates on this). Moreover, according to section 10, it may only be processed where:

1. The consent of the person has been obtained,
2. Processing is necessary,
3. Processing complies or is otherwise required by law,
4. Processing protects a legitimate interest of the person,
5. Processing is necessary in compliance of a public law duty, or
6. Processing is necessary for pursuing the legitimate interests of the person to whom it is supplied / third party.

Moreover, personal information so collected / processed must be compatible with the purpose of its collection. The responsible party has to therefore be aware of numerous aspects including the nature of the information, the manner in which the information was collected and its purpose.

Conclusion

From this it is clear that affected businesses should establish what information is truly required for collection and processing in their businesses. To then advise customers, stakeholders and employees why this is required and to ensure that proper standards protecting privacy are in place. Accordingly implementing preventative strategy and best practice is key.

Written by Nicolene Schoeman-Louw, Schoeman Tshaka Attorneys (Cape Town)

EMAIL THIS ARTICLE      SAVE THIS ARTICLE

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za