POPI Act uncertainties linger

Read time 2min 30sec
Dr Danie Strachan, a partner at Adams & Adams.
Dr Danie Strachan, a partner at Adams & Adams.

There is still confusion among South African organisations in regards to the commencement date of the Protection of Personal Information Act (POPIA).

So said Dr Danie Strachan, a partner at law firm Adams & Adams, speaking this morning at the ITWeb POPI Update II 2017 conference at Summer Place in Hyde Park.

"There are still some misconceptions on whether the POPI Act is already in force. However, it is not yet in force and we still don't know when it will effectively commence."

Nonetheless, the South African Information Regulator previously indicated the effective date for full promulgation of POPIA will likely be early 2018, following which all organisations will have one year to become compliant.

According to Strachan, certain provisions came into effect on 11 April 2014.

POPIA was signed by the president on 19 November 2013 and published in the Government Gazette on 26 November 2013. On 10 May 2016, the Portfolio Committee on Justice and Correctional Services shortlisted five candidates for the office of Information Regulator.

On 17 May 2016, former IEC chairperson, advocate Pansy Tlakula, was recommended as chairperson of the newly-formed Information Regulator, and her appointment was confirmed by the president on 26 October 2016.

On 26 October 2016, the president, in terms of section 39 of the Protection of Personal Information Act, 2013 and on the recommendation of the National Assembly, appointed members of the Information Regulator with effect from 1 December 2016.

According to the office of the regulator, the regulations pertaining to the Act will be tabled before Parliament by the end of the year.

Explaining when POPIA applies, Strachan said it comes into play when organisations are processing information.

However, he pointed out there are some instances where the law does not apply. For example, he said keeping someone else's personal information like birthdays in a diary or an address book cannot be deemed an offence under POPIA.

As another example, he said CCTV footage for home security, if it covers an even partially public space, cannot be regarded as purely personal or a household activity. In public offices like Cabinet and courts, POPIA also does not apply, said Strachan.

POPIA also gives provisions for journalistic, literary or artistic purposes, he pointed out.

Describing what personal information is, Strachan said it is information relating to identifiable, living, natural person or existing juristic person, including race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth.

Education or medical, financial, criminal or employment history are also regarded as personal information.

Have your say
Facebook icon
Youtube play icon