The Protection of Personal Information (POPI) Act will soon be tabled in parliament. The POPI Act outlines how companies may collect, handle, store and discard the personal information of others. The new regulations come with heavy penalties for those that fail to comply. POPI can only commence once the Information Regulator is operational. Once the commencement date of the Act is announced, which could be later this year, organisations will have 12 months to comply with the Act.
Who is the Information Regulator?
The Information Regulator is a new regulator that was created by the POPI Act. POPI gives the Information Regulator the power to investigate and fine responsible parties. The Information Regulator will also be able to accept complaints and act on those complaints.
Does POPI apply to me or my business?
POPI applies to every South African based public and/or private body who, either alone, or in conjunction with others, determines the purpose of or means for processing personal information in South Africa.
There are cases where POPI does not apply. Exclusions include:
What is Personal Information?
Personal Information means any information relating to an identifiable, living natural person or juristic person (companies, CC’s etc.) and includes, but is not limited to:
How to comply with POPI
Non-compliance with the Act could expose you to a penalty of a fine and/or imprisonment of up to 12 months. In certain cases, the penalty for non-compliance could be a fine and/or imprisonment of up 10 years.
While the purpose of the POPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another person’s personal information, one could argue that this should be seen as complementary to digital ethics’ practices companies should already have started putting in place. Either way, POPI is coming and companies should start gearing themselves up before being caught out.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Please feel free to contact Brian Kahn for further information or specific and detailed advice. Errors and omissions excepted (E&OE)