The Protection of Personal Information Act, which has been several years in the making, has finally been signed into law.
Elizabeth de Stadler, director at Novation Consulting, says while president Jacob Zuma has finally inked the legislation, he has yet to set a commencement date. Companies will have a year from that date to get their houses in order, she adds.
The law, first mooted in 2005, is SA's first consolidated piece of legislation detailing how individual and company information must be dealt with. It was finally passed by the National Assembly in August.
Based on the European data protection directive, the legislation will make sure personal information is processed in a way that accords with internationally-accepted data protection principles. There are strict penalties, not least of which is the damage a company's reputation can suffer if there is an information breach as these must be disclosed.
The law is also expected to cut down on spam, because it makes provision for an opt-in regime when it comes to electronic communication from companies. Businesses will be able to contact consumers, who are not already their clients, once to get their permission to send them direct marketing.
Law firm Michalsons has pointed out failure to comply with the law will have "significant consequences" and the risks entities face if they do not comply includes reputational damage, a R10 million fine, and a 10-year jail term, in addition to the danger of a civil suit.
Share