Law will limit the dis­clo­sure of your per­sonal data

Business Day - Business Law and Tax Review - - BUSINESS LAW & TAX REVIEW - Pa­trick Bracher

POPI com­pli­ance should be taken very se­ri­ously by those gain­ing the most from per­sonal in­for­ma­tion

MORE com­pli­ance costs and an­other reg­u­la­tor are coming your way with our new POPI pri­vacy laws. But don’t be scared into spend­ing too much on the pro­tec­tion of per­sonal in­for­ma­tion by prophets of doom who are of­ten just look­ing for more work.

The law of pri­vacy has been with us since Ro­man times. If you pos­sess pri­vate in­for­ma­tion about some­one else you should keep it pri­vate un­less you have the in­formed con­sent of that per­son. You only use it for the pur­pose for which you have con­sent and you do not use it af­ter that pur­pose has been ful­filled. Oth­er­wise the in­for­ma­tion may not be dis­closed un­less it is over­whelm­ingly in the pub­lic in­ter­est to do so.

That is what the Pro­tec­tion of Per­sonal In­for­ma­tion Act (POPI) will say although in much more elab­o­rate terms. POPI is not aimed at in­ter­fer­ing with nor­mal busi­ness re­la­tion­ships. It is mainly aimed at those who gather per­sonal in­for­ma­tion to use it for pur­poses such as mar­ket­ing their goods and ser­vices or sell­ing the data at a profit. If you are in that busi­ness you need to take POPI com­pli­ance very se­ri­ously.

The good news is that per­sonal in­for­ma­tion may be pro­cessed to carry out ac­tions in per­form­ing a con­tract. In most such in­stances there is an im­plied con­sent from the client or cus­tomer. The pa­tient whose doc­tor draws blood and sends it for anal­y­sis or e-mails a script to a phar­macy, by im­pli­ca­tion con­sents to pri­vate bi­o­log­i­cal in­for­ma­tion be­ing dis­closed. A cus­tomer who asks the bank to give a bank guar­an­tee by im­pli­ca­tion con­sents to the doc­u­ment be­ing sent to the cred­i­tor. There are mil­lions of daily ex­am­ples where POPI will not fet­ter your op­er­a­tions. The com­mon law will still ap­ply.

In ar­eas such as jour­nal­ism and artis­tic ex­pres­sion the pub­lic in­ter­est in free­dom of ex­pres­sion may over­ride a right of pri­vacy. Ex­hibit­ing the “Spear of the Na­tion” is not pro­hib­ited — even pri­vates may not be pri­vate.

When you con­sider your POPI re­spon­si­bil­i­ties, take a sen­si­ble view of the world of daily com­merce. POPI is not in­tended to shackle you tightly un­less your busi­ness is pro­cess­ing per­sonal in­for­ma­tion for gain. Sys­tems will have to be set up to en­sure in­for­ma­tion held by your busi­ness is pro­tected from ac­cess by oth­ers, but you may not have to break the bank to do so.

About 10 years in the mak­ing, POPI looks set to come into force this year — although af­ter 10 years who can be cer­tain? Once it is brought into force there will be one year in which to bring your in­for­ma­tion pro­cess­ing into line with the act. We also need reg­u­la­tions and the In­for­ma­tion Reg­u­la­tor needs to be set up. There is time for a sen­si­ble ap­proach, but start now.

Pa­trick Bracher is a di­rec­tor at Nor­ton Rose SA.

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.