Facebook was a big one, wasn’t it? The social media giant came under some serious scrutiny and a barrage of negative press when the story about third-party App developers siphoning members’ personal details broke. But these seemingly random data hacks haven’t been isolated offshore incidents, have they? In South Africa, a major financial services company had to come clean in a prominent Sunday paper that they had been hacked, and sensitive policyholder information had been “compromised” (and by that we mean stolen).
As a consumer, how are you protected from this? How safe is your personal information, and are companies doing their best to safeguard you?
The Protection of Personal Information (POPI) Act is around the corner and has major implications for just about every business in South Africa. If your business has customers (and which business doesn’t have customers?), you are in for a surprise because your data processes are going to be under a magnifying glass.
In a nutshell, the Act will force businesses to deal with customer information in a far more responsible way than they have been up to this point.
A bit of back story around POPI:
This type of consumer data-centric legislation has been around for a while (at least in first-world countries), and back in 2005 the idea of POPI was being discussed in South Africa. In November 2013, the Act was finally signed off by our President, but things look a little delayed and 2019 might be when the Act starts baring its teeth.
As a business you will have 12 months to comply with the provisions of POPI or you will face stiff financial penalties.
As a consumer, this is what you need to know:
The main aim of POPI is to make sure that individuals know exactly what is happening with their personal information when they deal with a specific company.
That is about as plainly as we can put it.
And if you think about it, this legislation is necessary and long overdue.
Do you know exactly what is happening with your personal information once you’ve signed up for a new cell phone contract?
What happened to your personal information when you entered a competition online? Or applied for a personal loan online?
By the sheer volume of unsolicited marketing calls we all receive daily, it’s obvious that our personal information is being shared between companies – those we trust with our information and those looking to get their hands on it.
POPI aims to put this information sharing, without customer consent, to bed. For argument’s sake – if you sign up with a cell phone company, the Act will impose on that cell phone company the duty to answer the following questions:
- What are they doing with your personal information?
- How is your information stored?
- How is your information being processed or shared?
- Why is your information being processed and shared and did you provide consent?
You can see that it’s going to be onerous for South African businesses to comply with the new legislation, but we don’t think the Government has a choice.
It’s far too easy for sensitive customer information to be shared and misused.
Let’s end off this blog post with 7 points you can take away:
Once POPI becomes law, South Africans will have to comply with 7 conditions:
- Personal information must be processed responsibly and only with the consent of the data subject.
- Personal information can only be processed for clearly defined and legal reasons.
- Personal information may not be re-purposed for secondary intent unless it’s compatible with the original purpose for gathering it.
- Data collectors need to look at processes that allow their data subjects to update their details.
- Data subjects need to be aware that individuals or entities are gathering their details.
- Personal information needs to be kept secure against theft, loss, modification, destruction or disclosure against the wishes of the data subject.
- Data subjects have the right to request whether their data is still being held, as well as whether any changes, modifications or deletion of their personal information have been made.
Until next time.
The Wise About Life Team