Information Bill unites HR, IT

By Jacob Nthoiwa, ITWeb journalist.
Johannesburg, 07 Oct 2010

The Protection of Personal Information (POPI) Bill will have a significant impact on companies that collect and store data, including the personal data of employees.

Here is a shortlist of some actions organisations can take now:

* Figure out what personal information you have stored at the moment
* Assess how it is being stored
* Assess the security behind your storage solution
* Draw up a comprehensive checklist of departments and personnel who have reason to request personal information so you know who has access to sensitive information
* Assess your right to this information based on current and future legislation
* Assess ways your company can comply with future legislation by using technology
Source: CRS Technologies

This is according to CRS Technologies' Dave Philp, who says the new legislation will mean that HR and IT departments will have to work together or fall foul of some very serious requirements. “The POPI will afford people with more rights to privacy and has generally been welcomed by most civil society groups.”

He says the Bill has been drafted to protect individuals' right to privacy and introduces measures to regulate the collection, storage and of personal information. “It should be seen in conjunction with our Constitution and the Declaration of Human Rights, and places SA in line with international privacy standards,” he adds.

However, he says POPI is set to cause some headaches for HR and IT departments and it would be wise for companies to begin thinking about what data they have, and how they can guarantee its protection.

Philp says the problem for companies creeps in when one examines how the proposed Bill seeks to administer these rights.

“The Bill envisages that regulation will take place through external enforcement by the Information Protection Regulator but also through the internal appointment, by both private and public bodies, of information protection officers and deputy information protection officers,” he says.

He adds that companies are obliged to notify the regulator before they commence with the processing of personal information and to furnish it with comprehensive details. This includes the purpose of the processing, a description of the categories of data subjects and of the information or categories of information relating to them.

“The Bill also contains particularly rigorous regulations concerning the processing of so-called 'special personal information',” he points out. This is information concerning children; an individual's religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, or criminal behaviour. This will clearly impact on most HR departments, he says.

To add a further conundrum, he says, legal advisors warn that this proposed legislation will have to be read in conjunction with existing legislation such as the Promotion of Access to Information Act 2 of 2000, which has been enacted to ensure fair and reasonable access to information by interested parties.

Philp advises organisations which are unsure about this to call in an or even conduct an external audit. “Just like our financial advisors tell us to run financial 'health checks' at the beginning of each year, your company should be examining existing IT and HR solutions and evaluating their efficacy.

“You will be surprised that with just a little effort, you can improve your operations and your bottom line.”

He says the POPI Bill should not be confused with the proposed Protection of Information Bill, which is being hotly debated in the media. “The latter will see the State able to classify documents as 'sensitive' and incarcerate anybody found in possession of such information.”

Philp says it is clear that this POPI Bill, in whatever form it is enacted, will be burdensome to many organisations, and advises organisations to embark on some work beforehand to make future compliance a little easier.
