Results 1 to 9 of 9

Thread: Protection of Personal Information Act

  1. #1
    Platinum Member Mike C's Avatar
    Join Date
    Apr 2012
    Location
    Durban
    Posts
    2,415
    Thanks
    216
    Thanked 326 Times in 284 Posts

    Protection of Personal Information Act

    POPI (the Protection of Personal Information Act) will provide welcome protection for our personal information – our names, ID numbers, addresses, medical histories and so on.

    But the other side of the coin is that it will expose small businesses in particular to a whole new raft of onerous obligations and risks.

    The problem is that there have been so many false alarms as to when POPI’s compliance provisions will actually commence, that many of us have lost sight of just how heavy a burden it will place on our businesses.

    But now the process is strongly underway again, and this time it’s not a case of “Crying Wolf”. So here’s what you need to know for now ….


    What is required of you and when

    There’s a lot to contend with even for big businesses with their vast administrative resources and deep pockets. So since 2014 they’ve been planning ahead and spending fortunes on training for POPI and on preparing their systems for compliance.

    But if you’re a typical small business with limited resources you face a real challenge here. You probably have very limited understanding of what POPI is, of how it impacts on you, of the substantial risks it exposes you to, and – perhaps most importantly – what you must do about it and when.

    In a nutshell -

    At long last, an Information Regulator has been appointed, and Draft Regulations have been published for comment by 7 November 2017.

    So it seems logical that the one year grace period for compliance will run from early next year. So there’s no major panic just yet, but take advantage of this advance warning to understand your compliance burden and to get ready for it.

    One of your major obligations is to take appropriate and reasonable measures to secure all “personal information” collected, used or stored by you. Don’t think by the way that you don’t hold any “personal information” – pretty much every detail you have or have used for every client/customer, supplier, service provider, employee etc is included in the definition. POPI applies to you!

    You will have to officially report and explain any suspected breach of confidentiality. Not just a hack or data loss, but any potential data compromise such as the loss or theft of a laptop, cell phone or backup drive.

    You are also strictly limited as to what personal information you can collect, where you can acquire it from, what you can hold and for how long, and what you can use it for.

    Amongst a host of other issues you will have to tackle, you must ensure that the information you hold is accurate. The list goes on …


    The big risks of non-compliance

    Breaches of any of these duties lay you open to severe penalties (administrative fines of up to R10m) and prosecution (up to 10 years imprisonment), quite apart from the harm and loss of trust in you that adverse publicity will undoubtedly cause.

    That’s not all – you can also be sued for millions in damages by anyone whose data has been compromised, and you are limited to a list of specified defences to such a claim. Critically, this is a case of “strict liability” in that no “intent or negligence” on your part need be proved.

    To give you an idea of the extent of the risk, an SME in the UK was recently fined under similar laws. It must pay £60k (R1m) for failing to prevent hackers from accessing its clients’ personal information.

    We’ll let you have some practical guidance on complying once the Regulations (possibly also Codes of Conduct) and effective dates are finalised, but for starters your software, your business processes, and your security systems (passwords, encryption etc) will almost certainly need a major overhaul.

    The best thing you can do right now is to start thinking about what personal information you hold, where you hold it, who has access to it, and how secure it is.


    “Excerpted from an article that first appeared in CA(SA)DotNews and is reproduced with authority from DotNews and, Lowe & Wills Attorneys, Notaries, Conveyances, Notaries Public & Administrators of Estates”
    An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you do know and what you don't. - Anatole France

  2. Thank given for this post:

    AndyD (05-Oct-17), Dave A (04-Oct-17)

  3. #2
    Silver Member Greig Whitton's Avatar
    Join Date
    Mar 2014
    Location
    Cape Town
    Posts
    332
    Thanks
    33
    Thanked 103 Times in 85 Posts
    I fully expect POPI to go the same way as the Consumer Protection Act (i.e. lots of great intentions, but miserable enforcement).

    Founder of Evergrow - Helping South African business owners grow their business without the growing pains

  4. #3
    Diamond Member AndyD's Avatar
    Join Date
    Jan 2010
    Location
    Cape Town
    Posts
    4,582
    Thanks
    534
    Thanked 873 Times in 705 Posts
    I don't think the biggest problems will be hackers or data theft, I think it's going to be employer stupidity or naivety. One example would be an employer or even employee with personal info about their contacts in their cell phone address book. They install an app like Truecaller and immediately that info is irreversibly harvested and distributed without any control or recourse. The info it harvests could include the name of everyone in your contacts, their cell number, their landline number, their email address, their physical address, their photo and any other info about them you've entered as details about them in your contacts. Apart from the way these apps have very wide permissions when you install them they're also often lacking in general security and prone to remote exploitation. Truecaller is just one example that's long been a pet hate of mine but there are many others.

    Quote Originally Posted by Mike C View Post
    .......The best thing you can do right now is to start thinking about what personal information you hold, where you hold it, who has access to it, and how secure it is.
    I'd start by thinking long and hard and identifying where you hold data on others first then reduce the number of places to a minimum.
    _______________________________________________
    I am special and so is Vanash.
    _______________________________________________

  5. #4
    Suspended
    Join Date
    Mar 2013
    Location
    Had enough
    Posts
    3,360
    Thanks
    114
    Thanked 214 Times in 202 Posts
    Im not to sure how this is going to work or affect companies like ours. First of all our data base holds close to 40000 cvs of candidates which they themselves uploaded from our website and has info on it from address to ID no's. Secondly if you say we have to verify people that means we have to access other sites like credit bureau's, police records etc etc which we have to pay for ...so information will still always be readily available. You just need to know how and where to access information.

  6. #5
    Moderator IanF's Avatar
    Join Date
    Dec 2007
    Location
    Jhb
    Posts
    2,635
    Thanks
    192
    Thanked 525 Times in 401 Posts
    I have been following/reading Peter Carruther's email course on this. The course is free. You can sign up here SIGNUP. This is not an affiliate link.
    Does anyone have a recommended encryption programme you can use in a windows environment?
    What worries me is there is no logical way to know what information should be protected. We print business cards, should that info be protected even though the cards are handed out to the "public".
    My own feeling this will go the way of the other well intentioned laws, like smoking laws, but the penalties are harsh.
    What is everyone else doing?
    Only stress when you can change the outcome!

  7. #6
    Platinum Member sterne.law@gmail.com's Avatar
    Join Date
    Oct 2009
    Location
    Durban
    Posts
    1,328
    Thanks
    38
    Thanked 564 Times in 411 Posts
    Blog Entries
    7
    Quote Originally Posted by IanF View Post
    I have been following/reading Peter Carruther's email course on this. The course is free. You can sign up here SIGNUP. This is not an affiliate link.
    Does anyone have a recommended encryption programme you can use in a windows environment?
    What worries me is there is no logical way to know what information should be protected. We print business cards, should that info be protected even though the cards are handed out to the "public".
    My own feeling this will go the way of the other well intentioned laws, like smoking laws, but the penalties are harsh.
    What is everyone else doing?
    Your INFO you may hand out - it has your consent.
    In terms of what - anything that is personal.
    Anthony Sterne

    www.acumenholdings.co.za
    DISCLAIMER The above is merely a comment in discussion form and an open public arena. It does not constitute a legal opinion or professional advice in any manner or form.

  8. #7
    Moderator IanF's Avatar
    Join Date
    Dec 2007
    Location
    Jhb
    Posts
    2,635
    Thanks
    192
    Thanked 525 Times in 401 Posts
    I understand I can hand out my info.
    But if I send a proof of artwork to the wrong person and they use it, I assume I am at fault. Maybe I am just overthinking this and should be seen to be doing the right thing.

    BTW anyone have a recommended encryption programme.
    Only stress when you can change the outcome!

  9. #8
    Silver Member Greig Whitton's Avatar
    Join Date
    Mar 2014
    Location
    Cape Town
    Posts
    332
    Thanks
    33
    Thanked 103 Times in 85 Posts
    Quote Originally Posted by IanF View Post
    But if I send a proof of artwork to the wrong person and they use it, I assume I am at fault.
    Correct.

    Founder of Evergrow - Helping South African business owners grow their business without the growing pains

  10. #9
    Suspended
    Join Date
    Mar 2013
    Location
    Had enough
    Posts
    3,360
    Thanks
    114
    Thanked 214 Times in 202 Posts
    Maybe you need to put a watermark on it so they cannot use it

Similar Threads

  1. Seminar - Protection of Personal Information
    By sterne.law@gmail.com in forum Local Ads on TFSA
    Replies: 0
    Last Post: 15-Mar-16, 06:23 AM
  2. Protection of Personal Information (POPI)
    By sterne.law@gmail.com in forum General Business Forum
    Replies: 0
    Last Post: 14-Mar-16, 12:48 PM
  3. Replies: 22
    Last Post: 19-Jun-15, 03:13 PM

Tags for this Thread

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •