POPI: Are you compliant?
Do you keep or use records of people’s personal information? Did you know that even a short list of names and contact details is considered personal information and is subject to the Protection of Public Information (POPI) Act?
It is time for everyone in South Africa to make sure they comply with the POPI Act, which will most likely be coming into effect in 2016. Once an information regulator is appointed, the President will announce the commencement date for the Act. We will all then have one year's grace to become fully compliant.
Do not waste time. Get ready now. It is going to take time and effort to make sure you have systems in place that ensure you handle personal information correctly.
To help you become compliant, we have compiled a list of key points to consider as you adjust your internal processes.
- Clients have to “opt in” i.e. agree to the use of their information for a specific purpose. You may only use the information for that particular purpose. For example, if someone has given you their information as part of an insurance claim, you cannot use that same information to market products to them, unless they have agreed, or opted in.
- Take a closer look at how you work with personal information in your company. Do you take proactive steps to keep the information safe? Make sure you set up systems to prevent this information from being lost, changed or stolen.
- Let clients know when you are working with their personal data and whether they have a legal right to deny access or whether the use of their information is obligatory. If they have the option to opt out they must be given the opportunity to do so.
- When you collect personal information, always ensure that you clearly define the legal purpose and precise way this information will be used. Then make sure this protocol is strictly followed.
- Once the POPI Regulator has been established you have to ensure you keep it informed of your activities when you are processing personal information.
- If you process personal information, you are obliged to give the people concerned free information on request. They have a right to know what information of theirs is being used, who is using it and for what purpose.
- If personal information has been gathered with the relevant permission, and processed for a particular purpose it cannot be processed again for another purpose.
- When you send or receive personal information to or from a foreign country you must make sure you consider and adhere to all the pertinent information laws of the country concerned as well as those outlined in the POPI Act.
- When you process personal information, you have to ensure the data is up-to-date and accurate.
- When processing personal information you are only legally allowed to keep the information for the time it takes to complete the specific process for which the information was needed. If you need to keep a record of actions taken or decisions made about the person then you may store the information for that purpose only.