The POPI Act
POPIA & Your Website
– Marlon Brando
WHAT PERSONAL INFORMATION MAY A COMPANY COLLECT AND WHY?
You as business and website owner, may collect any personal information as long as it is for a specific purpose and the client is informed. So, collecting personal information to conduct your ordinary business operations is totally within the scope of POPIA, as long as you take reasonable steps to protect the data that you collect. You may not use the data for any other reason outside of the business operations of your company. You must inform the client of all intended uses of their information, how it will be processed and how it will be secured. The client may hold you liable if you use their data outside of your legitimate business purposes, expose their data or lose their data.
You may not sell, rent or lease personal information to others. You may not store personal information outside of South Africa, without client consent. This includes applications such as OneDrive, iCloud, Dropbox. For all these applications, you need client consent.
WE’VE ASKED COMPLIANCE EXPERT AND CONSULTANT, MARTIE SCHOEMAN, TO EXPLAIN IN A NUTSHELL HOW THE NEW DATA PRIVACY LAW (POPIA) IN SOUTH AFRICA WORKS AND MORE SPECIFICALLY HOW IT WILL AFFECT WEBSITE OWNERS…
The Protection of Personal Information Act (POPIA) recently came into effect on 1 July. The Act is designed to protect your personal information and deliver your constitutional right to privacy.
The protection of personal information and data has become the object of global recognition. Also, in South Africa we experience the globalisation of economies, rapid expansion of technology, the convergence of information and communication technology, the expansion of the Internet and its ability to transfer information from one country to another. Now, in South Africa, information, including personal and sensitive information, is open to abuse. The POPIA aims to limit access to personal information as well as the way that it is processed. It is all about the protection of the individual and conforming to world standards of information protection.
In the end POPIA aims to ensure that information is collected, stored, processed, shared, and destroyed in a responsible manner. POPIA sets down eight conditions for lawful processing of personal information:
- Processing limitations
- Purpose specification
- Further processing limitations
- Information quality
- Security safeguards
What is personal information?
Personal information is everything regarding a living person or juristic person. This means that not only living people are included in the Act, but also deceased. Also included as a “data subject” or “person” are other businesses, estates, trusts, or any juristic entity.
Personal information means any of the following:
- Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
- Information relating to the education or the medical, financial, criminal or employment history of the person.
- Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier of the person.
- The biometric information of the person.
- The personal opinions, views or preferences of the person.
- Correspondence sent by the person that is of a private or confidential nature. This includes emails, Skype chats, Zoom meetings, WhatsApp messages, SMS’s, letters, notes, anything given to you by that person in confidence. (There are of course exclusions, such as legal prosecutions, etc).
- The views or opinions of another individual about the person.
- The name of the person if it appears with other personal information relating to the person.
If you collect any form of the above information through your website, you need to make sure that you do it in a manner that is in line with POPIA requirements. This affects you as a business and more specifically, a website owner, in the following manner:
MORE ABOUT MARTIE SCHOEMAN…
Martie has been involved in business management, policy and procedure development and compliance facilitation for the past 11 years. In her experience, she found the most "off-the-shelve" policy products and packages were hard to understand and impossible to implement. Therefore, Martie approaches POPIA compliance in a different manner… she believes that we first need to understand what is required from us as small businesses where after if you are provided with a comprehensive and understandable product, and then guided in implementation, the impossible becomes possible. She believes in full business solutions.
084 526 0071