What is PoPI? The Protection of Personal Information (PoPI) Act explained
The PoPI Act, in simple terms, seeks to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information. It holds them accountable should they abuse or compromise your personal information in any way.
From an Individual Perspective
The PoPI legislation basically considers your personal information to be “precious goods” and therefore aims to bestow upon you, as the owner of your personal information, certain rights of protection and the ability to exercise control.
- CONSENT – when and how you choose to share your information.
- VALID COLLECTION of the type and extent of information you choose to share.
- USAGE – transparency and accountability on how your data will be used (limited to the purpose) with notification if/when the data is compromised.
- ACCESS – this is a two-way process:
  - to give you access to your own information, as well as the right to have your data removed and/or destroyed should you so wish.
  - to control who has access to your information, i.e. there must be adequate measures and controls in place to track access and prevent unauthorised people, even within the same company, from accessing your information.
- STORAGE – how and where your information is kept (there must be adequate measures and controls in place to safeguard your information to protect it from theft, or being compromised).
- ACCURACY and the integrity of your information must be provided for (i.e. your information must be captured correctly and, once collected, the institution is responsible for maintaining it).
What are examples of “personal information”?
This could include:
- Identity and/or passport number
- Date of birth and age
- Phone number(s) (including mobile phone number)
- Email address(es)
- Online/Instant messaging identifiers
- Physical address
- Gender, Race and Ethnic origin
- Photos, voice recordings, video footage (also CCTV), biometric data
- Marital/Relationship status and Family relations
- Criminal record
- Private correspondence
- Religious or philosophical beliefs including personal and political opinions
- Employment history and salary information
- Financial information
- Education information
- Physical and mental health information including medical history, blood type, etc
- Membership of organisations/unions
From a Business Perspective
If you are a custodian of personal information, it is important that you remember ‘ignorance of the law is no excuse’ and that there are serious implications for non-compliance.
Not sure about what to do? Read further…