Rights and responsibilities under the data privacy laws
Over the years, data privacy and protecting personal information has become increasingly important, both from a business and client perspective. The Protection of Personal Information Act 4 of 2013 (POPI) was gazetted in South Africa in 2014 with the intention to protect your data privacy rights as well as your personal information. The Act gives effect to section 14 of the Constitution of South Africa, which provides that everyone has the right to privacy.
Since 2014, the Act has been implemented in a phased-in approach and from 1 July 2021, the Act came into full effect. Let’s unpack what the legislation covers, as well as your rights, roles and responsibilities as an investor.
- What is covered in the Protection of Personal Information Act?
The purpose is to protect the personal information of all South African citizens, which is obtained and processed by both public and private institutions, such as PPS Investments. It also attempts to balance the right to privacy, with other rights, such as access to information.
- What is classified as “Personal Information”?
The Act defines it as any information that relates to an identifiable natural and legal entity (i.e. a data subject) and includes, among others, an identity or registration number, email address, phone number, marital status, biometrics, employment history, banking information, health-related information, and data related to their economic status, personal views and private correspondence.
- Who are the “data subjects”?
Data subjects are defined as any natural or juristic persons whose personal information is processed by a responsible party, (i.e. PPS Investments and its trading subsidiaries and affiliates).
- What forms part of “Processing of Personal Information”?
This involves any action that is taken with a data subject’s personal information. It includes, among other things, the collection, use, storage, dissemination, modification or destruction of personal information by a responsible party or someone acting on behalf of a responsible party.
- To whom does the Act apply?
The Act is applicable to any person, business or entity that processes personal information of a data subject, and are collectively referred to as “responsible parties”. It also applies to, for example, financial service providers, discretionary investment managers, asset managers, retirement funds, life insurance companies, unit trust management companies, administrative financial service providers (collectively referred to in terms of the Act as responsible parties) and any person who processes information for, and on behalf of a responsible party, referred to as an “operator”.
Responsible parties, and anyone processing personal information, will have to align their business process and activities to ensure that it complies with the processing obligations of the Act. Therefore, it is imperative that the processing of personal information is done in a lawful, reasonable and justifiable manner taking into consideration the data subject’s rights, as well as the right to protect information.
- What are responsible parties’ obligations to clients?
The Act places many obligations on responsible parties to ensure that personal information held and processed on behalf of data subjects is processed in a lawful and reasonable manner.
As a responsible party, PPS Investments is committed to ensuring continued compliance with the Act and has therefore implemented, among other measures, the following:
- We shall only collect and process a client’s personal information for a specific and lawful purpose (i.e. providing financial services to clients in respect of their financial products held with PPS Group);
- We will ensure that client records are relevant and up to date as far as reasonably possible and shall inform clients of the ability to update records;
- We have, and will continue to ensure that there are, reasonable security measures in place to protect clients’ personal information and retain client records as required by law;
- We will allow clients to obtain and view their personal information on request and will allow clients to request the deletion of any information not required to be kept by PPS Group; and
- We have adopted a Privacy Standard which sets out client rights which they may exercise in respect of their personal information and the manner and process in which such rights may be exercised.
- What are the “data subject” rights provided by the Act?
As a data subject, you have the following rights, inter alia:
- To be informed if your personal information is being collected by someone or is accessed by an unauthorised source;
- To request access to a copy of the personal information held on you;
- To request correction of any personal information which might be outdated, misleading, incomplete, irrelevant, inaccurate, and/or obtained unlawfully;
- To object to the processing of your personal information, on reasonable grounds;
- To object to the processing of your personal information for purposes of direct marketing by means of unsolicited electronic communications; and
- To submit a complaint to the PPS Investments Group Information Officer regarding an alleged infringement of any of the rights protected under POPI or to submit such complaint to the Information Regulator.
- Your marketing preferences
The Act requires responsible parties to provide their clients with the ability to select their marketing communication preferences. Therefore, PPS Investments will provide you with regular opportunities to select your marketing preferences by either opting-in or opting-out of certain marketing communications. Note that this does not include transactional communication related to your investments with us.
- Committed to protecting personal information
The security of our client and member data remains a foremost priority. You have our assurance that we’re committed to continuing to protect all our clients’ personal information by employing the necessary processes and systems to ensure our client information is protected.
The responsibility lies with you to ensure that we have the correct personal information and to notify us when updates are required. For your convenience, you can view and update your personal details on the PPS Investments Secure Site at www.ppsisecure.co.za.
Visit www.pps.co.za to view the PPS Privacy Standard and to access more information on our commitment to complying with the Protection of Personal Information Act.
By Wesley Davids, Executive: Governance at PPS Investments
Breaking News »