New legislation and best practices impact how businesses handle the data they have stored - not to mention the risks involved. However, the spotlight should be on eliminating the dangers of storing and sharing information in a globally-connected business environment.
This is according to Johannesburg-based Leppan Beech attorney, Clinton Pavlovic, pointing to the upcoming Protection of Personal Information Bill which is being formulated by the South African Law Commission. It will address the need for better local legislation that protects citizens and complies with international standards.
He says the Regulation of Interception of Communications and Provision of Communication Related Information Act, 70 of 2002 was enacted for a different purpose than the one envisioned by the Data Protection Bill. "While RICA establishes principles, the interception of communications and related records, the Data Protection Bill regulates the use of information that is provided voluntarily by data subjects to organisations.
"The principles provide that the information given to organisations can only be used for the purpose that it was provided for. It must be possessed lawfully and the person must be given access to the information records held concerning him, and be allowed to correct any information regarding him."
He says while SA does have legislation that briefly deals with the protection of data, it does not come close to complying with the guidelines set out in the EU data protection directive. The Interception and Monitoring Prohibition Act, 127 of 1992 provides that no person can intercept communication that is transmitted or has been transmitted over a telecommunication line, or monitor a conversation. This Act does not, however, regulate information that is contained in databases and was not intercepted.
The Electronic Communications and Transactions Act, 25 of 2002 also provides for the protection of personal information. This, however, only applies to personal information that has been obtained through electronic transactions. The Act also provides principles that can be applicable for electronically collecting personal information, but subscribing to these principles is voluntary.
Similarly, the newly-enacted National Credit Act, 34 of 2005 provides for the confidentiality of information submitted to the credit bureau or anyone who receives, compiles, retains or reports information pertaining to a consumer or protective consumer under the Act.
The new Protection of Personal Information Bill addresses this lack of precise legislation. Amanda Louw, researcher at the South African Law Commission, stated: "The idea of the Bill is not to curtail the flow of information but to regulate it, to ensure data of individuals is protected."
Pavlovic adds: "This is not merely a matter of risk. For many local businesses, participating and competing in a global economy means being compliant with overseas regulations - or simply losing out on business opportunities."
Related story:
Hoarding data
Share