The Protection of Personal Information Act
The Protection of Personal Information Act, No 4 of 2013 promotes the protection of personal information by public and private bodies.
WHEN DOES POPI COME INTO EFFECT?
- The Protection of Personal Information (POPI) Act was signed into law by the President on 19 November and published in the Government Gazette Notice 37067 on 26 November 2013.
- Once the Act is made effective, companies will be given a year’s grace period to comply with the Act, unless this grace period is extended as allowed by the Act
- The President has signed a proclamation declaring some parts of the Protection of Personal Information Act No 4 of 2013 effective from 11 April 2014
- It is anticipated that the Information Regulators office will be setup very soon and start issuing codes of conducts for industries to comply with
WHAT ARE THE KEY OBLIGATIONS OF A COMPANY UNDER POPI?
- OPENESS: A data subject must be given access to their information if requested
- ACCURACY: Ensure you keep the data subjects data up to date
- SECURITY: Ensure measures are put in place to keep the data subjects data secure
- STORAGE: Only store the data for the time it takes to complete a specified process
- PURPOSE: Only use the data for the purpose it was collected for and for the consent type given
- PERMISSION: Only store the data for the time it takes to complete a specified process
WHAT IS PERSONAL INFORMATION?
Age, sex, birth date, etc.
Employment, educational, financial, criminal
Email, telephone, address etc.
Opinions of and about the person
Biometric information Blood type etc.
WHAT IS PROCESSING?
Processing broadly means anything done with the Personal Information, including:
WHO IS THE INFORMATION REGULATOR AND WHAT ARE ITS POWERS?
The Information Regulator is a juristic body that will be appointed in terms of POPI and will have wide ranging powers and duties including:
Educate the public about POPI
Monitor and enforce compliance
Handle complaints about alleged violations
Attempt to resolve complaints by means of dispute resolution mechanisms such as mediation and conciliation
WHAT SHOULD YOU DO NOW?
- Password protect all agreements that have personal information in them before emailing
- Make sure you have a system to track all opt-in and opt-outs
- Make sure you have a system that allows you to delete a consumer record if a consumer requests same
- Make contact with all contacts in your database with the objective of getting an opt-in from each contact
- Make sure you have a process that keeps your database up to date
- Make sure you change your passwords to any systems you use that store consumer information so that you avoid any loss of data
- Make sure that if you are using cloud based solutions that your service providers servers are located within the borders of South Africa and your data does not cross the borders of South Africa
HOW CAN YOU GET CONSENT FROM YOUR CONTACTS (OPT-IN)
- It terms of Section 69 of the bill, POPI applies to electronic communication that refers to SMS and Email in the POPI definitions
- Regular Person to Person (P2P) telephone calls are not included
- This means you have the option to call each data subject (contact) once, to ask for consent.
- You may only call data subjects who have not already opt-d out
- You need to be transparent in your request for consent and ask for permission to send marketing/suburb related information by email or SMS from time to time
- Then you need to make use of a system where you can record the consent obtained (opt in or opt out) so you can demonstrate you have taken every reasonable step to comply with the POPI Act
WHAT IF YOU DON’T GET CONSENT?
- Simply put. You will NOT be allowed to send out any Email or SMS to a data subject without consent being obtained
- Your database will be worthless if you can’t engage with your contacts
- You face massive fines and/or jail time for non-compliance
- You face reputational damage
WHAT IS THE SANCTION FOR NON-COMPLIANCE WITH POPI?
Non-compliance with the Act could expose the Responsible Party to a penalty FINE OF R10 MILLION and / or imprisonment of up to 10 years!
- MYCE will give you a pre-populated database that you can start calling to obtain consent
- MYCE will keep your database enriched each month to keep your database up to date
- MYCE has a full POPI management module so you can record all your opt-in/opt-out
- MYCE audit trails all your activity so you can demonstrate you are complying the act
- MYCE only uses local servers so your data does not leave South Africa
- MYCE is only accessible with unique usernames and passwords chosen by the user so your data is stored securely
- MYCE has a easy to use function to delete contact records if you get a request from a data subject
Opt-d out contacts are automatically excluded from any marketing communication to avoid any reputational damage and ensure compliance to the Act
8000 homeowners were surveyed in 2017 by The National Association of Realtor’s (NAR) Profile of Buyers and Sellers report. All of them had bought…
Repeat customers are great. They refer more often and they’re less likely to try pay less than your asking price. It’s also easier (and cheaper) to maintain client relationships than it is to consistently acquire new customers. Here’s how you can make the most of your past clients.
Beyond making you memorable, being active and visible in your community will give you expertise that your prospects wouldn’t be able to get anywhere else.