The Protection of Personal Information Act 4 of 2013 (“POPI”) was signed into law on 19 November 2013. Since then, POPI has consistently attracted media attention. And this shows no sign of abating now that it is expected that POPI will finally come fully into effect early in 2018. This means that most businesses can no longer delay in preparing themselves to meet the demands of POPI.
POPI in requires entities and persons who store, use and destroy personal information to protect such information and to keep it private and confidential. The entities and persons who carry this responsibility are termed “responsible parties”.
The integrity of the information stored by responsible parties is also important, since data that is of a sub-standard quality may negatively affect the person to whom it relates (the “data subject”). This means that the quality must be acceptable and that such data must be maintained to meet the requirements of POPI.
Although POPI does not provide detailed specifications for what is standard or sub-standard data, it does oblige responsible parties to take reasonable practicable steps to ensure that all the personal information which they collect is complete, accurate and not misleading. If for example you store copies of clients identity documents, should the quality of such document be so poor that it is not legible or the person cannot be identified, the data (namely the identity document) would then be sub-standard, particularly if the reason for the collection, which may relate to being able to identify the person from the identity document, is taken into account.
Responsible parties also carry the obligation to ensure that personal information is up to date. If you have outdated contact details of a client, such outdated contact details may make it difficult to meet other reporting obligations, communicate effectively with the client or forward client details to other parties who needs such information to provides support or services to a client.
Responsible parties must accordingly also ensure the integrity of their data and that such remains intact over time, particularly considering that data can change or deteriorate over time, thereby, impacting the quality of the data.
Businesses are advised to prepare timeously to meet the demands of POPI and make sure that the help of a specialist is enlisted to carefully assess the business and how to align such to ensure full POPI compliance.