Advertise Here
Icon

Directory

IconAccounting & Tax
IconAccreditation Bodies
IconActuaries
IconAssociations and Institutes
IconAuditors
IconBBBEE Consulting and Verification Agencies
IconBusiness Process Management
IconBusiness Process Outsourcing
IconCompany Secretarial Services
IconCompare Medical Scheme Benefits
IconCompliance
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconDebit Order Collection Facilities
IconEducation and Training
IconEmergency Medical Rescue
IconExpatriate Cover
IconFAIS
IconHealthcare Consultants
IconHuman Resources
IconInformation Technology and Software Partners
IconLegal
IconManaged Healthcare Service Providers
IconMedical Aid Administrators
IconMedical Aid Schemes
IconMedical Schemes Trustees Liability Insurance
IconMedical Service Providers
IconOmbud
IconPolicy Administration
IconPublications
IconRegulatory Authorities
IconSurveys & Research
IconTraining Courses & Workshops
IconWellness Programs
Image
  Subscribe To »

POPI BREACH COULD MEAN FINES OF UP TO R10 MILLION AND A 10-YEAR JAIL SENTENCE

Published

2020

Thu

09

Jul

Where to start for SA businesses?

 

09 July 2020: Parts of the long-awaited Protection of Personal Information Act 4 of 2013 came into force on 1 July 2020, and companies will have a period of one year to get their ducks in a row or risk substantial fines and even imprisonment.

 

The Act seeks to regulate the processing of personal information (which includes, amongst other things, collection, storage and dissemination) to ensure greater security of data and privacy. From the storing of customer date, employee data, to direct marketing and e-commerce, the commencement of POPI will have far-reaching implications, but first, businesses will need to be clear that what they are collecting is in fact personal information.

 

This is according to Justine Krige, a Director in the Corporate & Commercial practice at business law firm Cliffe Dekker Hofmeyr (CDH), who notes that it is almost impossible to do business these days without collecting personal information of customers, suppliers and employees. “The wide definition of personal information includes any data or information that can be used to identify a person; from physical descriptors and contact details, to personal history, opinions and preferences.

 

“This information is collected in many ways, but there are generally four key areas for businesses to be aware of: market research via direct marketing; online contact forms, browsing and profiles; employment agreements; and service level agreements. For POPI compliance, it is critical to ensure that the requisite approvals are in place from data subjects in all of these areas.”

 

In terms of compliance requirements, Fatima Ameer-Mia, a Director in CDH’s Technology, Media & Telecommunications practice, highlights the importance of having a tailor-made ‘POPI Policy’. “This is essentially a privacy policy which describes how an organisation collects, uses, stores, processes, and shares personal information of its data subjects. An organisation’s POPI Policy may be embedded on its website (where applicable) and/or included in contractual arrangements with suppliers and customers.

 

“Critically, no one size fits all when it comes to privacy policies, so organisations should avoid ‘off the shelf’ bought policies and rather tailor their own. For some businesses, multiple POPI Policies may be required – for external purposes (i.e. suppliers and services providers, on the one hand, and customers on the other) and internal purposes (i.e. employees and prospective employees),” Ameer-Mia explains.

 

On the topic of employment, Director in CDH’s Employment practice, Gillian Lumb warns that employers will also bear increased liability for the conduct of their employees, with effect from 1 July 2021. “In terms of section 99(1) – which came into effect last week – an employer may be held liable for the conduct of its employees, regardless of whether there is any wilful or negligent conduct on the part of the employer."

 

“Employers therefore have one year to prepare for and take steps to mitigate the risk which this section creates, in particular ensuring that their employees do not process information unlawfully and that they are aware of the conditions for lawful processing and act in accordance with these conditions at all times.”

 

With the coming into force of POPI, the role of the Information Officer – who is responsible for the lawful processing of personal information – has also expanded. Kendall Keanly, Director in CDH’s Corporate & Commercial practice says, “The Information Officer’s role within an organisation is now not only governed by the provisions of the Promotion of Access to Information Act 2 of 2000 (PAIA), but also POPI, which requires the drafting of a compliance framework, attending to any personal information impact assessment; and providing internal POPI awareness sessions.”

 

The organisation is, however, entitled to appoint as many deputy information officers as may be necessary to perform these duties, Keanly adds. “Selecting the right individual(s) for this role is important because if a deputy information officer fails to perform the duties delegated to them, it could have adverse implications for not only the responsible party (as defined in POPI) but also the Information Officer.

 

“For business owners, contravention of POPI could result in far-reaching sanctions, including the imposition of fines, imprisonment for a period of 12 months to 10 years and/or a damages claim by the data subject. Each role player has one year within which to ensure that their business practices comply with POPI, failing which, they will fall foul of the statutory provisions,” Keanly concludes.

 
Source: MSL Group
 
« Back to previous page Print this page » |
 

Breaking News »

Transformation Collection During COVID-19

While COVID-19 has created havoc on society, this change can contribute to positive opportunities in the way we do business within an enterprise moving forward. Rapid Collect can assist SME's and ...
Read More »

  

Covid-19 shines spotlight on gaping holes in personal risk planning and responding insurance solutions

The Covid-19 pandemic has pulled a critical thread, unravelling the fibre of every economic and social structure, across countries, continents and communities. In the wake of soaring infections, hospitalisations ...
Read More »

  

Liberty Drives Hope - and places the needs of ordinary South Africans at the core

                                    It was a desperate cry ...
Read More »

  

WHY YOU SHOULD TAKE LEAVE DURING LOCKDOWN

By Paresha Kala and Ashley Ramsoonder, senior consultants and occupational therapists at Alexander Forbes Health Management Solutions   With no clear indication on when Covid-19 lockdown restrictions ...
Read More »

 

More News »

Image

Investment »

Image

Life »

Image

Retirement »

Image

Short-term »

Advertise Here
Image
Image
Advertise Here

From The Glossary »

Icon

Sinking Fund:

A means of repaying funds advanced through a bond issue. The issuer makes periodic payments to the trustee, who retires part of the issue by purchasing the bonds in the open market. This means that every period (usually every year) a company will pay back a portion of their bonds. An example would be a company that issues R20 million in bonds with a 20 year maturity and pays back R1million worth of bonds every year at par. This is decided purely ...
More Definitions »

 

Advertise

 

eZine

 

Contact IG

 

Media Pack

 

RSS Feeds

By using this website you agree to the Terms of Use.
Copyright © Insurance Gateway (Pty) Ltd 2004 - 2020. All Rights Reserved.