POPI refers to South Africa’s Protection of Personal Information Act which seeks to regulate the Processing of Personal Information.
What is Personal Information?
Means any information relating to an identifiable, living natural person or juristic person (companies, CC’s etc.) and includes, but is not limited to:
- Contact details: email, telephone, address etc.
- Demographic information: age, sex, race, birth date, ethnicity etc.
- History: employment, financial, educational, criminal, medical history
- Biometric information: blood type etc.
- Opinions of and about the person
- Private correspondence etc.
What is Processing?
Processing broadly means anything done with someone’s personal Information, including collection, usage, storage, dissemination, modification or destruction (whether such processing is automated or not).
Some of the obligations under POPI:
- Only collect information that you need for a specific purpose.
- Apply reasonable security measures to protect it.
- Ensure it is relevant and up to date.
- Only hold as much as you need, and only for as long as you need it.
- Allow the subject of the information to see it upon request.
Does POPI really apply to me or my business?
POPI applies to every South African based public and/or private body who, either alone, or in conjunction with others, determines the purpose of or means for processing personal information in South Africa.
There are cases where POPI does not apply. Exclusions include: Section 6:
- purely household or personal activity.
- sufficiently de-identified information.
- some state functions including criminal prosecutions, national security etc.
- journalism under a code of ethics.
- judiciary functions etc.
Why should I comply with POPI?
POPI promotes transparency with regard to what information is collected and how it is to be processed. Openness increases customer trust in the organisation.
Non-compliance with the Act could expose the Responsible Party to a penalty of a fine and/or imprisonment of up to 12 months. In certain cases, the penalty for non-compliance could be a fine and/or imprisonment of up 10 years.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Please feel free to contact Brian Kahn for further information or specific and detailed advice. Errors and omissions excepted (E&OE)