POPIA or the Protection of personal information act comes into effect on 1 July. Eek! What is it and what must I do about it? Like most regulations, it is a pain in the part you sit on, and at the same time, not as bad as it sounds.
Why does it exist?
We live in the era of information. Every time you speak to the bank or your insurance company, they want to verify that you are you by asking for your ID number, your home address, your cellphone number. Which means they already have that information. Every time you apply for a job, they ask the same questions, as well as what your race is, if you have a criminal record, and so on.
Lots of different entities – companies, government departments, your children’s school, will have your personal information. You cannot function in our society if the entities you deal with do not have your information. At the same time, if those entities are lax in how they safeguard or use your information, or even worse, abuse your information by giving it to the wrong people, you can suffer in many ways. This could vary from discrimination because of who, what or how you are, to crooks using your info to steal your money.
POPIA forces those who hold your details to treat it responsibly.
What information are we talking about?
Everything. Name, age, race, gender and sexual orientation, pregnancy, marital status, your origin – national, ethnic or social, physical or mental health, disabilities, religion, beliefs or culture, even your language. Also included are your educational, employment, medical, criminal, and financial history. Your ID number, physical and email addresses and contact numbers are covered by POPIA. So are pictures, videos, voice recordings and biometric information. Even a person’s personal opinions, views or preferences are included.
Is POPIA a good thing?
Think of all the spam calls and emails you get. Think of all the phishing attacks people try on you. Think of all the robocalls you get on a Saturday evening just when you have lit the fire. These are all because someone has actively or passively let your information go out into the wide world. As a consumer or keeper of a consumer’s information, you should regard POPIA as a positive step.
So, what do I do if I have this information about someone?
Attention: don’t abuse the information you have. You can get a max 10 years in the chooky or/and a R10m fine. When in doubt, don’t give it out, or even better, speak to your lawyer.
But POPIA is not about putting you in jail or taking your money. You very often have to use the personal information you have about people for your benefit and theirs. There is a raft of regulations, but to simplify, use people’s information in the same way you would like your bank or cellphone company to use your own.
Firstly, POPIA applies to everyone – local or foreign – who handles personal information. So that means you. You must have a dedicated person or office to look after the information you have. Get permission to use someone’s information for whatever reason. If they object or demand a correction of their information, you have to accede to their wishes. If you want to use the information for marketing, you must get their permission.
It is your responsibility to safeguard the information about people you hold. Even if it is accidentally distributed, you will be responsible – see the first paragraph in this section. POPIA is a pain, but it is important. So, if you hold some information on some people, be sensible. But if your business collects and holds information on many people, speak to your lawyer. This is a complicated law that, if violated in any way, could have serious consequences. And it kicks in on 1 July 2021.
Article Credit: Philip Gelderblom