The Protection of Personal Information Act (POPIA) Why is it important?

On 01 July 2021 the Protection of Personal Information Act (POPIA) came into force and effect. The questions that then arise are: What is the POPIA? How does it work? Why is it so important and does it even apply to me? This article addresses and deals with some of these questions.

The POPIA is a new and all-inclusive piece of legislation that safeguards the integrity and sensitivity of private and personal information. Below is the definition of personal information as stated in the POPI Act:

“Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to: 

a.   information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

b.   information relating to the education or the medical, financial, criminal or employment history of the person;

c.   any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

d.   the biometric information of the person;

e.   the personal opinions, views or preferences of the person;

f.     correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

g.   the views or opinions of another individual about the person; and

h.   the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;” 

The POPIA is probably one of the most pertinent and progressive pieces of legislation that has been enacted and I feel that it has not been given enough attention or recognition.   

When you are in possession of personal and confidential information of others and are in a position where due to your business activities you have to collect, use, store and process that personal and confidential information, you have to be specifically aware of the POPIA and ensure compliance with it.

In an age and in an era of information and digitalization, everything is available and accessible at your fingertips and online. While this is of vital importance and has become an aspect of day-to-day life for the majority of people, very real risks cannot be swept aside and ignored. There is the threat of hacking which has very serious consequences, including: a host of viruses, the disablement of entire digital systems, access to not only your confidential and personal information but that of your employees’ and clients as well, corruption of and access to bank accounts and bank statements, fraud and identity theft among many others.

The POPIA requires and demands that systems and processes are put in place so that the risks and threats described above are managed and curtailed to ensure that confidential and personal information is protected. You have a right to know that the information you provide is safeguarded and that it will not be made available and accessible to others. You have the right to know the nature and the manner in which your personal information is being stored, and that your information is not being kept indefinitely or arbitrarily. You have the right to know how and when your information is destroyed once it is no longer needed, and to know that it is done in such a way that the information cannot be recreated in an intelligible way. It empowers you to access and/or request the correction or deletion of any personal information held about you that may be inaccurate, misleading or outdated.

It is important to understand that it is an offense in the eyes of the law for any person / business / organization to collect, store, use, process and destroy your personal information for any reason whatsoever without your express permission and consent. This is specifically emphasized when it comes to that personal and confidential information of minor children. There are stringent provisions contained in the POPIA relating to how, why, where and in what manner and under what circumstances the personal and confidential information of minor children can be collected, stored, used, processed and destroyed. The rights and interests of minor children are strongly protected and monitored under the POPIA.

To reiterate, it is imperative for people, businesses and organizations to have processes in place that ensure compliance and to inform existing and prospective clients and customers of the fact that you are POPIA compliant. This needs to be readily available and accessible in a POPIA compliant document that can be clearly seen, advertised on your website, and/or contained in a brochure that can be given to new and prospective clients and customers.

Should you need any further assistance or help with becoming POPIA compliant and would like to get the process started, please do not hesitate to contact JFY Attorneys Inc. We are more than happy and able to assist you with this to ensure that you, your business, your employees, your clients and customers are well protected and covered. Let us at JFY Attorneys Inc transform you and your business through compliance.