SA readies for privacy law
The Protection of Personal Information (POPI) Bill has been tipped by industry players for official enactment by the end of the year. This is a development expected to be revolutionary for SA's technology legislation and experts advise that businesses become acquainted with the pending law.
Legal experts, who have welcomed the Bill, say the implications of POPI are far-reaching, with both corporates and consumers coming into the equation. Cliffe Dekker Hofmeyr business law firm recommends that anyone with a stake in the processing of information get a head start and familiarise themselves with the law.
Simone Gill, director in the technology, media and telecommunications practice at Cliffe Dekker Hofmeyr, says the Bill will impose a number of “stringent obligations” on all persons who process personal information in any manner.
Processing of information, explains Gill, is defined under the Bill to include the collection, receipt, recording, organisation, collation, storage, updating, alteration or modification, retrieval, consultation, use, dissemination, distribution, merging, link, erasure or destruction of personal information.
She says anyone who processes personal information must take appropriate measures to ensure the integrity and confidentiality of personal information is maintained, including taking “appropriate, reasonable, technical and organisational measures” to prevent loss or unauthorised destruction of, damage to and unlawful processing of personal information.
Gill says it is essential for anyone who processes personal information in any manner, to embark on awareness workshops and detailed due diligence exercises to assess their level of compliance with POPI now. Should individuals or companies fail to comply once the Act is promulgated, she says, criminal sanction and/or civil liability will result.
Dene Smuts, Democratic Alliance (DA) shadow minister of justice and constitutional development, says the Bill - which has been “a long time in the making” - should be heeded by business - big and small - and welcomed by South African consumers.
“With the rise of free flow of information over the Internet, the popularity of social media, increasing ID theft and other intrusions, governments worldwide have become increasingly concerned with the purposes for which organisations collect personal information, why they keep it, and how they protect it. The position in SA is no different.”
Smuts believes legislators have produced a law that will serve SA's people well.
“The Bill will be welcomed by everyone who is drowning in the daily tide of spam that washes into our inboxes. We have finally done what Internet service providers and e-commerce entities encouraged us to do even in 2002, when the Electronic Communication and Transaction Act was written: we have moved away from the opt-out position under which you have to refuse a direct marketing offer, or suffer the incoming spam, to an opt-in regime.”
The Wireless Application Service Providers' Association (WASPA) says POPI is the first piece of legislation in SA that prescribes opt-in for direct marketing communications, and could significantly reduce the amount of unsolicited electronic advertising received by consumers.
WASPA says that, while its code has made provision for opt-in from 2006, “POPI will now ensure the requirement applies to all companies”.
Smuts says the DA wants all the benefits of computerisation to be realised in SA, including e-commerce.
She says the business benefits of adherence to privacy rules - including that of return on investment - are vast. “POPI value for a brand is incalculable, just as its opposite incurs reputational and monetary loss.”