Popi and your business

CANDICE REYNDERS, associate, Phatshoane Henney Attorneys.
CANDICE REYNDERS, associate, Phatshoane Henney Attorneys.

Question:

I HAVE a small insurance brokerage firm with a number of private clients. To service my clients I have to obtain and keep personal information of them on file. Is Popi going to affect me and will I have to change the way I am currently dealing with my client information?

Answer:

The promulgation and phased implementation of the Protection of Personal Information Act 4 of 2013 (Popi), has many businesses wondering, as in your case, whether its commencement will affect the manner in which their business collects and stores the information of clients.

This concern is well-founded as Popi makes it clear that a failure to comply with it when fully operational, could result in hefty administrative fines as well as reputational risk due to non-compliance.

Popi has its roots in the Constitution and aims to promote the protection of the right to privacy with regard to the processing of personal information, and to balance this right against other rights, such as the right of access to information.

This includes the collection of personal information and the manner in which such information is used, processed and stored.

Popi applies to the processing of personal information by or on behalf of a responsible party by automated or non-automated means.

A “responsible party” is widely defined as “a public or private body or any other person who determines the purpose of and means for processing personal information”.

Popi goes even further by also including persons, termed “operators”, who process information on behalf of a responsible party in terms of a contract or mandate.

As a consequence, Popi therefore demands that, not only the responsible party, but also the operator which it mandates, must ensure that any personal information acquired is adequately secured and that there are strict measures that meet the requirements of Popi in place for the processing thereof.

From the broad definition of a responsible party as well as personal information, it is clear that your business will most likely be subject to Popi and you would need to ensure that how you deal with such personal information, is Popi compliant.

Fortunately, all of the provisions of Popi are not yet operational, and once they become operational, businesses will be granted a 12-month grace period to address their compliance.

But time flies quickly, and it would be advisable to use the available time wisely and not delay in obtaining help to conduct an audit of your business and establish whether you are Popi compliant or not, then determine what steps you can take to address any compliance issues and ensure that your reputation remains sound with clients by being fully compliant.

Lockdown For
DAYS
HRS
MINS
Voting Booth
Russia has approved a Covid-19 vaccine. Would you take the vaccine if it were available in South Africa?
Please select an option Oops! Something went wrong, please try again later.
Results
Yes I would
29% - 593 votes
No I would not
24% - 496 votes
I'd wait to see the outcomes first
47% - 968 votes
Vote
ZAR/USD
17.55
(+0.60)
ZAR/GBP
22.97
(+0.75)
ZAR/EUR
20.63
(+0.68)
ZAR/AUD
12.58
(+0.67)
ZAR/JPY
0.17
(+1.07)
Gold
1949.00
(-3.88)
Silver
26.93
(-7.29)
Platinum
946.98
(-3.75)
Brent Crude
44.95
(+1.33)
Palladium
2139.00
(-4.01)
All Share
57410.10
(+1.15)
Top 40
53067.04
(+1.20)
Financial 15
10179.24
(+2.84)
Industrial 25
75590.80
(+1.23)
Resource 10
59370.82
(+0.72)
All JSE data delayed by at least 15 minutes morningstar logo