Popi to change the way SA firms handle your data

2014-02-03 14:01
Andrew Kirkland of Trustwave says that the Popi Act will force companies to ensure personal data fidelity. (Trustwave)

Andrew Kirkland of Trustwave says that the Popi Act will force companies to ensure personal data fidelity. (Trustwave)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Cape Town - Personal data has become a must-have commodity and a new Act seeks to limit just how much personal data companies may share or retain.

The scenario is a common one that many South Africans experience: You get a call at the most inappropriate time; the caller knows your name and proceeds to try and sell you something.

When asked about where your details were obtained, the answers are often vague at best - usually citing some database of a company - one that you usually can't check while you're on the phone.

One of the responses to this kind of invasion has been the Protection of Personal Information Act, signed into law after several delays as industry players negotiated what constituted personal information.

Generally the act seeks to protect privacy as guaranteed in the South African Constitution, and the law notes that "the right to privacy includes the right to the protection against the unlawful collection, retention, dissemination and use of personal information" in its preamble.

Loyalty programmes

One of the most common ways that companies have been collecting personal data is by way of loyalty programmes, but the law prescribes that a clear distinction should be made on how this information should be secured.

"What Popi is aiming to achieve is for companies to classify their data and determine those elements that would fall into the Popi category. They would then need to go through the process of protecting or securing that data to meet this regulation," Andrew Kirkland, regional director for Trustwave Africa told News24.

Trustwave is a security company that specialises in helping organisation fight cybercrime by, among other things, conducting ethical intrusions and monitoring to ensure data fidelity.

The act prohibits the collection of information for the purposes of resale or trade, and also instructs those with access to personal data to ensure that the subject is aware thereof.

"Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party," the law says.

This would, for example, prohibit so-called raffles that record personal data which is then sold to third parties who can call or e-mail people with "special offers" or insurance products.

However, while different company departments may share data, the law takes a dim view on sharing data between subsidiaries.


"If by divisions you mean subsidiaries then this may be more of a challenge since I would expect that you would still need to get permission to use this information from the customer. I suspect the regulator will have to make a call on this if it's not that clear," Kirkland explained.

However, the regulator has not yet been appointed in terms of the legislation and it is therefore unclear how companies that flout the law will be penalised.

The act requires that personal data be deleted once the objective has been achieved and if statistical information of the data is required, the subjects must be informed and their consent requested.

Kirkland said that the appointment of a regulator to manage the compliance is key to ensuring that Popi pay more than lip service to the protection of personal information in SA.

"We are waiting for the regulator to be appointed to get a better understanding of this [company accountability]. Non-compliance will at some point be penalised but to what extent can only be speculated at this point."

- Follow Duncan on Twitter
Read more on:    trustwave  |  online privacy

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.