By Melodie Veldhuizen
People regularly get phone calls from unknown numbers, with people who without want to introduce you to a service or product out of the blue. Or your email or phone is swamped with unwanted emails (usually junkmail) or SMSs. You could perhaps have been the victim of identity fraud.
The good news is that the POPI Act (Protection of Private Information Act), which was already promulgated by the government in 2013, was approved on 22 June 2020 and came into effect on 1 July.
The purpose of the POPI Act (Act 4 of 2013) is to protect you as consumer against, inter alia, theft of money and identity by preventing your personal information from landing in the wrong hands. In short, what it amounts to is that a responsible party must protect the integrity and confidentiality of personal information in his possession or under his control by introducing applicable, fairly technical and organisational measures.
The POPI Act applies to everybody who processes any type of records that contain personal information of people. It therefore lays down the minimum standards for the protection of personal information. Processing comprises the collection, receipt, recording, organising, retrieval or use of such information. It also includes the distribution and release of such information (free of charge or against payment).
Here are some questions and answers regarding the POPI Act:
What is regarded as personal information?
In terms of the POPI Act it is data that can be used to determine your identity. This includes, but is not limited to: race; gender; pregnancy status; marital status; nationality; ethnical group; social origin; skin colour; sexual orientation; age; physical or mental health; disability; religion; religious persuasion; cultural, language, educational, medical, financial, criminal or occupational history; identity numbert; email address; residential address or residential area, postal address; vehicle registration number; banking details; telephone number; biometrical information and your personal opinion or likes and dislikes.
How does POPI legislation affect businesses?
The Act obliges all businesses to protect the personal information of clients and employees. POPI applies to literally everybody who processes personal in formation, but especially to companies such as banks, insurance companies and medical companies who handle large volumes of clients’ personal information.
How does POPI regulate businesses that buy personal information and then resells it to other parties?
It has long been illegal to buy and resell personal information. However, consumers will now have more access to information and better control over their personal information. There will also be far-reaching consequences for businesses that make themselves guilty of this:
- Their reputation will be compromised.
- They will use clients and not attract new ones.
- They will have to pay clients damages.
- Fines and even imprisonment will be imposed on business owners concerned.
Are companies obliged to tell consumers where they got the information?
In terms of section 45 of the Electronic Communications and Transactions Act (Act 25 of 2002) companies are obliged to tell consumers where they obtained the personal information. POPI is withdrawing this section but requires parties concerned to be transparent regarding the processing of this data and to allow the individual a say in the way in which this personal information is processed and among whom it is distributed.
How can you as a consumer protect your personal information and have it removed from the companies’ lists?
There are various steps that consumers can take to protect their personal information:
What effect will the POPI Act have on electronic marketing?
Currently anybody can market services and products to you and you have the choice not to accept it or to opt out. They may therefore send emails until the recipient indicates that he no longer wants these emails. Under the POPI legislation companies may only send you emails when you give them permission to do so. You will therefore receive one email and nothing thereafter, unless you give them permission.
Should marketers obtain permission in terms of the POPI Act to contact consumers who have been on their contacts list for a long time?
No, if you gave permission before POPI and never opted to sign out you have no right to prosecute them if they still do it. However, you still have the choice to say that you do not want to receive communication anymore.
What other legislation in Soutj Africa regulates people’s privacy?
Although POPI will be the primary legislation on the protection of information, it is not the only law. Other acts regarding the protection of people’s information will have to comply with the regulations in the POPI Act. The following existing act will remain valid but will have to be amended to make sure that they are compatible with POPI and that there is no duplication. The relevant acts are as follows:
- the Electronic Communications and Transactions Act
- the Promotion of Access to Information Act
- the National Credit Act and Consumer Protection Act
Media Update. https://www.mediaupdate.co.za/marketing/146322/understanding-the-popi-act-10-faqs-answered
South African Government.
South African Government. https://www.gov.za/documents/protection-personal-information-act
POPI Act Compliance. https://www.popiact-compliance.co.za/popia-information/12-information-regulator