Protection of Personal Information Act
Understanding how the PoPI act protects private information.
Is your clients and employees’ personal information safe and secure?
The PoPI – Protection of Personal Information Act regulates the amount and type of private citizens’ information that your company may process.
When your clients and staff provide you with their personal information, it needs to be fully protected to ensure that their legal right to privacy is adhered to.
As a business you are required to comply with these constitutional obligations, and in this digital age you need to be fully prepared. Information flies around the internet faster than the speed of light, so you need optimal network support and security. The act regulates how companies and public bodies manage and protect personal information. These organisations are not allowed to sell private information for monetary gain, and there are strict guidelines in place that need to be adhered to when dealing with confidential data. PoPI was signed into law in 2013, but has yet to come into effect. Here’s what you need to know before it does.
What is PoPI?
PoPI is designed to regulate the processing of personal information. The act focusses on ensuring companies don’t retain, unlawfully gain, or gather excessive amounts of personal information to use or abuse for their personal objectives. Companies are required to show complete transparency when collecting and using data, and they are required to take full security measures to protect this collation of private data.
Signed into law on 9 November 2013 and published in the government gazette on 26 November 2013, the Protection of Personal Information Act is still coming into effect, but the consensus is that companies will be given one year’s grace in which to fully comply. There are penalties for non-compliance, which can hugely impact business operation. Now would be a good time to get your network and online security up to date.
Processing of personal information
There is a process that you need to follow closely to ensure that you are not breaching your clients’ personal right to information privacy. These obligations include:
- Gather only the information you require for a specific purpose.
- Apply full security measures to protect the information you acquire.
- Information needs to be up to date.
- Amassing information for future use is not allowed. Take what you need and use it only for the time period in which you need it.
On request, clients may have full access to their personal details that your company has on file. You are not allowed to release personal information that relates directly to your consumers. This includes:
- Unique identification – such as IDs, passport details etc.
- Full employment history, including financials, medical, etc.
- Contact details.
- Biometric data and information.
- Criminal records.
- Any opinions related to you.
- Private correspondence.
Your client and employees have a constitutional right to privacy, and your company is legally required to ensure they enjoy that right. To ensure your company is PoPI compliant, contact Evolv Networks, the network support and upgrade professionals who stay on top of regulations that apply to all digital networking.