News | 13 Apr 2017
The Protection of Personal Information Act (called POPI) was promulgated to enforce the Constitutional right to privacy, which includes the right to protection against the unlawful collection, retention, dissemination and use of personal information. It is naturally subject to justifiable limitations that are aimed at balancing the right to privacy with other rights, specifically the right to access to information and protecting important interests.
Organisations should take note of the definition of personal information, which means any information relating to an identifiable natural or juristic person, including but not limited to the following:
The definition of processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information. It thus includes broad principles such as receipt, recording, storage, updating and modification.
It applies to the processing of information, in any form, by a responsible party (the person who is processing the information alone or in conjunction with others) who or which is domiciled in South Africa, unless the processing relates only to the forwarding of personal information.
Personal information which is processed by non-automated means, i.e. paper and text, photographs etc., fall under the Act only if they form part of a filing system or are intended to be part of a filing system.
The Act applies to the exclusion of any provision of any other legislation that regulates the processing of personal information and that is materially inconsistent with an object or specific provision of this Act.
This Act does not apply to the processing of personal information-
This Act does not apply to the processing of personal information solely for the purpose of journalistic, literary or artistic expression, to the extent that public interest requires the right to freedom of expression to be exercised.
What is important to note is that anyone can lodge a complaint alleging the interference of personal information of a data subject. The penalties that can be imposed for a breach are fines up to the amount of R10 million, imprisonment of up to 10 years or both. It is thus important to ensure compliance with the Act.
Find out more at POPI Compliance >
Information provided by Alida Hendrikse, NACOSA Compliance Officer