Bill aims to protect South Africans from prying eyes
Businesses will need to comply with Protection of Personal Information Bill provisions, writes Wyndham Hartley
AMID the vocal protest and fury over the “secrecy bill” another protection of information bill has been crafted to protect South Africans from identity theft and unwanted electronic marketing.
The Protection of Personal Information Bill has been a number of years in the making in Parliament’s justice committee. It has been approved by the National Assembly and awaits processing by the National Council of Provinces.
The bill seeks to create a regime by which institutions such as banks, insurance companies and other businesses must manage the personal information of their clients.
A key provision is the removal of the so-called negative approval under which electronic marketers operate. At present they can send SMSses and e-mails requiring the individual to “opt out” for the unwanted messages to stop.
The new provision will allow one message to be sent and if the recipient does not respond positively they may not send another.
Democratic Alliance MP Dene Smuts, speaking during the second reading debate on the bill, quoted a PWC report as saying: “Open any newspaper or news website, and the chances are you will find a report on someone’s right to personal privacy being infringed, or yet another intrusion through an organisation’s security systems with credit card or other financial information being stolen.
“With the rise of free flow of information over the internet, the popularity of social media, increasing ID theft and other intrusions, governments worldwide have become increasingly concerned with the purposes for which organisations collect personal information, why they keep it, and how they protect it.
“The position in SA is no different, and consumers should be welcoming the impending Protection of Personal Information Bill.”
Ms Smuts said while there were disadvantages in lagging other countries in adopting privacy legislation, “one major advantage is that SA’s legislators have been able to draw on the models developed and experience acquired in other countries, selecting the best of the best for our privacy legislation. The challenge for organisations, how- ever, is that complying with the requirements of the bill is going to have a significant impact on the way they do business.
“I am afraid a significant impact is what is called for, on businesses both big and small. Our e-mail addresses, cellphone numbers, transactional history and financial details are constantly offered for sale. One seller of lists told prospective buyers: ‘remember you own the data once purchased, so you can even resell it to get your money back once you have used it’.
“That is why we constantly receive unsolicited calls and electronic messages which someone, somewhere has matched to a profile which should only be created on the basis of information given with your knowledge and consent.”
Commenting earlier this month on the impending approval of the bill, Gianmarco Lorenzi, MD of Cleardata, a group company of JSElisted Metrofile Holdings, said: “With the Protection of Personal Information Bill expected to be promulgated this year, the focus on protection of consumers’ personal information is becoming increasingly important for the local banking sector, which handles and stores thousands of clients’ personal information on a daily basis.
“While head office may already be working closely with legal teams to ensure compliance, they may be forgetting about an often overlooked aspect of the organisation — its network of branches across the country. It is imperative to ensure that regulatory requirements extend to all areas of the organisation, regardless of their location, as noncompliance with legislation governing data protection branches could potentially lead to the downfall of the organisation.”
Mr Lorenzi said that the new law would require businesses to securely store, manage and dispose of personal information. “Every company that has access to personal information relating to their employees or clients has a responsibility to dispose of that information in a proper manner. Risks are faced by all industries. However, financial institutions such as banks are faced with an even greater risk due to the vast amount of personal information they have relating to clients.
“Companies can be held liable for identity theft if a client’s information falls into the wrong hands. Casually discarding information shows a callous disregard for customer and shareholder interests.”
When introducing the bill, Justice Minister Jeff Radebe said that it would make a difference to the information security of South Africans but said the right to privacy was not absolute. “In protecting a person’s personal information, consideration should be given to competing interests such as the administering of national social programmes, maintaining law and order, and protection of the rights, interests and freedoms of others.”