The purpose of the PoPI Act is to ensure that South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way, viewing your personal information as something of “precious” value.
The POPI Act has been effective since 11 April 2014 and has caused a lot of controversy both nationally and internationally with the latest being the battle between the FBI and Apple, arguing the importance of guarding private data. In light of the POPI Act, companies should become more aware of the ways that they manage their documents throughout its lifecycle within their company, as mismanagement of documents could result in legal or criminal action being incurred against the company.
Some important steps to take to help your becomes become compliant are:
- Making sure you read the POPI Act with special focus on chapter three, which outlines the conditions for lawfully processing personal information.
- Note the type of personal information you collect and the manner in which you process this information
- Take a look at how access to information is controlled in your business from receipt of the information, throughout the document life cycle
- Ensure that you have put proper security measures in place on printers, network PC’s and document management systems to reduce chances of security breaches
Information that the POPI Act relates to is any information that discloses personally identifiable information such as:
- Identity Documents
- Phone Numbers
- Email Addresses
- Physical Addresses
- Financial Information
- Education Information
- Gender, Race & Ethnicity
- Photos, Videos, etc.
- Private Correspondence
- Employment History and Salary Information
This POPI Act applies to both living natural persons and juristic persons (companies, CC’s etc.)