STILL NOT POPI COMPLIANT? LET US HELP

By Bernadine Vester

THE INFAMOUS PROTECTION OF PERSONAL INFORMATION

ACT 4 OF 2013 CAME INTO EFFECT ON THE 1^ST OF JULY 2021.

MY BUSINESS IS STILL NOT COMPLIANT.

HELP!?

Long before the advent of personal computers, cellphones, flash drives and the wacky World Wide Web, humans have continuously attempted to safeguard their personal information and secrets.

Whether it be the Freemasons, the CIA or Sarah-Lee Davids on Facebook, people will always place a high value on confidentiality and information security. The high value we place on keeping our private information private, has planted a seed from which an entire underworld has grown… A world where personal information is used to fuel marketing campaigns and personalized advertisements are sent directly to the junk folder in our Gmail accounts.

South Africa has now taken a definitive stance “against the unlawful collection, retention, dissemination and use of personal information”[1] and has enacted the Protection of Personal Information Act 4 of 2013 (“the Act” or “POPI”).

Section 2(b) of the Act indicates that the purpose of this protective legislation is to “regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information”[2].

Personal information means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-

• information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
• information relating to the education or the medical, financial, criminal or employment history of the person;
• any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
• the biometric information of the person;
• the personal opinions, views or preferences of the person;
• correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
• the views or opinions of another individual about the person; and
• the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person”[3]

On 1 July 2021 our legislature placed their finger on the POPI trigger and blew. Their aim? All those who could be considered a Responsible Party in terms of Section 1 of the Act. A Responsible Party is defined as “a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information”[4]. Though the definition is rather broad, businesses and juristic entities have generally understood this to mean them.

This is why attorneys, candidate attorneys, Human Resource personnel and managers and newly designated Information Officers worked tirelessly on the eve of the 1^st of July 2021 to ensure compliance.

Unfortunately, many businesses and juristic persons have fallen through the cracks due to financial limitations, general Corporate Governance issues, ineffective protection measures, outdated soft and hardware and the dreaded COVID-19 pandemic which had been the nail in the coffin for many small businesses.

If you are one of those businesses/juristic entities who got lost by the wayside, we at Kellerman Joubert Heyns Incorporated believe that it is never too late to become compliant. We want to assist you in your journey to compliance.

Download our brochure here which contains our fee structure and let us help you implement an entirely new lifestyle of data protection.

And if you are interested in improving your business’s Corporate Governance strategy, please read our summary of the King IV Report on Corporate Governance for South Africa also on our website.

(The content hereof does not constitute legal advice but rather information of a general nature.  Should you want more information on any of the issues discussed herein, please do not hesitate to contact our office.)

[1] Preamble of the Protection of Personal Information Act 4 of 2013.

[2] Section 2(b) of the Protection of Personal Information Act 4 of 2013.

[3] Section 1 of the Protection of Personal Information Act 4 of 2013.

[4] Section 1 of the Protection of Personal Information Act 4 of 2013.