New Act promises privacy protection
The right to privacy is however limited by public interest and the right to public information, which includes information shared to combat or prevent crime.
BUSINESSES who act irresponsibly with regards to the protection of clients’ personal information, will soon face hefty fines – and even imprisonment – once the Protection of Personal Information (POPI) Act is implemented.
The act was Gazetted in November 2013, but commencement is expected in July, whereafter public and private bodies will have one year to comply with its stringent measures.
The purpose of the Act is to ensure that institutions protect the constitutional right to privacy when collecting, processing, storing and sharing personal information, regarded as ‘precious goods’.
The right to privacy is however limited by public interest and the right to public information, which includes information shared to combat or prevent crime.
Individuals and legal entities may choose when and how private information is shared, the type and extent of sharing, transparency and accountability on how data will be used.
It includes right of access to your own information and the right to have your data removed or destroyed.
Sufficient measures and controls to track access must be put in place to prevent unauthorised access, even within the same company.
Personal information include identity and passport numbers, birth date, age, race, gender, nationality, phone numbers, e-mail and physical addresses, and Online/Instant messaging identifiers.
Also included are photos, voice recordings, video footage (also CCTV), biometric data, relationship status, employment history, salary information, education information, medical history, blood type and details of membership to organisations or unions.
Individuals must protect their own information and cannot hold companies responsible if they themselves have shared that same information on social media platforms or public directories.
The right of protection extends to an entity’s own employees, suppliers, vendors, service providers and business partners.
Ignorance of the law is no excuse and you could be breaking the law by synchronising contacts on your phone, sending an email with sensitive content and taking or sharing a video or photo.
Penalties include fines or imprisonment not exceeding 10 years or both for obstructing the Regulator, fine or imprisonment not exceeding 12 months or both for breach of duty of confidentiality, obstruction of a warrant or a false statement.
A fine not exceeding R1-million or imprisonment not exceeding 10 years or both can be given for unlawful acts by responsible parties or third parties in connection with unique identifiers and failure to attend or produce evidence before the Regulator or Enforcement Committee.
