Subscribe

Privacy does not extend online

Nicola Mawson
By Nicola Mawson, Contributor.
Johannesburg, 25 Jun 2014

Consumers who post private information online and on social media networks cannot expect to be protected when the Protection of Personal Information (POPI) Act comes into effect.

This is according to Lucy Phillips, director of Consilium Legal Services, addressing delegates at the ITWeb Social Media Summit 2014, in Bryanston, today. According to the Act, personal information is anything that identifies a person, and includes aspects such as identity numbers, race, religion and names, she notes.

However, if people put information out in public, through social media or other Web sites, the information ceases to be personal, says Phillips. She notes this is why people need to be careful about what they put out there.

Phillips explains the information posted online can be legitimately mined and used for direct marketing purposes.

POPI is SA's first consolidated piece of legislation that deals with under what circumstances information can be collected, for what reason, as well as how it must be stored and destroyed. It is also expected to cut down on spam because it creates an opt-in regime, which differs to other current legislation.

Motivating factors

Phillips says companies will need an express reason to collect information that is private, and also have a reasonable duty to keep that data up to date. She adds companies will need to interrogate their databases once the law comes into effect to determine how the data was collected, and why they have it.

Currently, there is no clear indication as to when the law will come into effect, as president Jacob Zuma still needs to provide an implementation date, although Phillips expects it will come into operation next year. After that, companies will have between one and three years to comply.

The law also creates the office of the Information Regulator, which can fine companies up to R10 million, or impose a jail term on the companies' information officer, in the event of a breach of data.

Although the regulator's powers have yet to be seen, Phillips says the office is likely to take a dim view of companies sharing information among sister entities. However, information posted online can be used by sites for targeted advertising, as long as there is no direct communication, she adds.

Share