Johannesburg, 11 Apr 2011
SA has become a country where individual details are freely passed around and traded for a variety of reasons, including marketing, and this violates individuals' constitutional right to privacy.
This is according to Dean Chivers, director of tax and legal affairs of Deloitte, commenting on the imminent Protection of Personal Information (PPI) Act.
To find out if organisations have a clear understanding of the repercussions of this proposed law, ITWeb in partnership with Deloitte will be running the PPI Act survey.
Chivers points out that data privacy is a reality of the modern world. “While compliance will involve very significant effort, we encourage companies to see it as an opportunity to add value to their business.
“By way of example, significant value can be driven out of a detailed data analysis exercise,” says Chivers.
The Act applies to all businesses that process personal information such as names, addresses, e-mail addresses, ID numbers, employment history, health data and the like. Non-compliance with the provisions of the Act may result in criminal fines, civil liability and complaints to the regulator.
As expounded by the Act, it aims to: “Promote the protection of personal information processed by public and private bodies; to introduce information protection principles so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Protection Regulator.
“To provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision-making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.”
Chivers says this piece of legislation is important for SA as the country is increasing the amount of business with countries which have data privacy laws, such as the UK, Germany and Australia.
“Trade is certainly more difficult when SA's laws don't provide data privacy protection,” says Chivers.
“It will certainly help, as once we have adequate data privacy laws in effect, it becomes easier for foreign companies to exchange personal data with SA.”
Among other issues, he notes that the Act seeks to address unauthorised transfer of personal information, unsolicited marketing, holding of personal information in an insecure manner and cross-border flows of personal data.
Chivers also believes the Act will affect all companies to some extent, but will have the biggest impact on companies engaging in significant amounts of direct marketing, as well as those whose business involves dealing with personal information, such as in the insurance and health sectors.
“Electronic communication will be significantly affected. Direct marketing sent electronically will be affected, as will electronic security. Archiving will also need to be restructured, as personal information can't be archived indefinitely and reporting on personal information stored will be necessary.”
For companies to prepare for the PPI Act, Chivers is of the view that as a starting point, organisations should begin with appointment of a privacy officer, development of privacy policy and procedure, staff awareness and consolidation of data.
Click here to complete the survey.
Share