We live in an unprecedented age of technological advancements which have created a market for the collection, use, and sharing of personal information. In an attempt to align South African data protection laws with international standards, and in order to balance an individual’s Constitutional right to privacy against the need for openness and economic progress within an information society, Parliament has enacted the Protection of Personal Information Act (“POPI”). This article highlights key aspects of which businesses seeking to collect and utilise personal information should be aware.
POPI applies to the collection and use of “personal information” entered in a “record”. Personal information is broadly defined as information relating to an identifiable person. Various types of personal information are listed including demographic data, personal opinions and preferences, correspondence of a private nature and location information. A “record” is defined as any recorded information, regardless of its form or medium.
POPI is still in its infancy and is currently untested law. It remains to be seen how our courts will interpret and enforce this new legislation. Despite having been signed into law, POPI has not yet taken effect but is imminent. Once POPI does take effect, businesses will have a one-year grace period within which to comply with its provisions. If you think compliance is expensive, try non-compliance! Penalties for failure to comply include a fine and imprisonment of up to ten years.
We recommend that businesses educate themselves on the requirements of POPI and start putting the necessary compliance mechanisms in place. Pagdens can assist your business in becoming POPI compliant.
This article is for general information should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact an attorney for specific and detailed advice. Errors and omissions excepted (E&OE)