What is Popi?
GUARDING PERSONAL INFO: PROTECTING CONSUMERS AGAINST INTRUSION
General consensus is that enforcement begins this year.
The advancement of technology has significantly improved our lives, but in the midst of all the good, technology has also brought some baggage with it, such as privacy infringement. There has never been a time nor a mechanism in history that is more intrusive than technology. Social media, e-mails, cellphones, viruses, hacking and more have invaded our privacy in some way or another.
Therefore, governments around the world have put in place laws that attempt to protect their people from the probing eyes of technology; one such law in South Africa is the Protection of Personal Information Act (Popi). As the name suggests, it is an Act that tackles the fundamental mechanism used to facilitate intrusive behaviour, which is personal information. How many times have you received unsolicited emails and the first question you ask yourself is how did they get my email address? Therein lies the problem: our personal information is easily accessible and is being passed around for marketing purposes, for example. Without our personal information there is very little anyone can do to invade our privacy.
Therefore the Act puts in place measures that attempt to stop the dissemination of personal information. In particular it constantly speaks of a responsible party, referring to the organisation that collects personal information from people. It is no secret that businesses hold the bulk of people’s information, outside of government of course.
Therefore the Act does two things. First, it speaks to organisations that collect personal information from employees, suppliers, customers etc and charges them with the responsibility of protecting and not sharing that information with any third party without the consent of the owner. This has massive implications on direct marketing for example, because the Act prohibits unsolicited electronic communication such as bulk SMSes, automatic calling machines or emails without the recipient’s consent.
Second, the Act places some responsibility on the people encouraging us to be aware of our rights such as the right to demand our personal information be deleted from an organisation’s storage after our dealings are concluded.
Do not for a second assume the Act only affects big business. Every individual or organisation that collects personal information is affected. Therefore in next Saturday’s issue I shall dissect the Act in more detail and what it means for a small business.
The Act was signed into law in 2013; however, organisations were given a grace period while certain details were being ironed out and the general consensus is that enforcement of the law begins this year. Therefore time is of the essence for businesses to make the necessary adjustments to be compliant.
Munya Duvera is CEO at Duvera Elgroup