The right to privacy is enshrined in Section 14 of South Africa’s Constitution and we understand it to be a vital human right. It states:
“Everyone has the right to privacy, which includes the right not to have –
(a) their person or home searched;
(b) their property searched;
(c) their possessions seized;
(d) the privacy of their communications infringed.”
It’s the last part of the abovementioned list that has become a growing concern. All around the world more and more focus is being placed on protecting private information as countries and governments are setting new laws to ensure the safety of their citizen’s information online.
In an age where information is growing at an exponential rate, no digital exchange of information can be left unprotected. For this reason, the Protection of Personal Information (POPI) Act was created and came into full effect on the 1st of July 2021.
Non-compliance with the POPI Act’s regulations carries hefty fines, but as with most regulatory pieces of legislation, compliance is more than just a box to tick. Let’s consider why personal information should be protected:
Protection of data is very much a protection of the information that people hold as important. By capturing, storing, and processing personal information, you are essentially guaranteeing the confidentiality of your transactions with the other party.
Confidentiality is built upon when you can guarantee that none other than you yourself are able to access and process the information you store. Having a secure database stored with good encryption on your servers is a good way to keep to the promise of security you give to your customers/clients.
In a similar vein, data protection ensures that data remains accurate and integrous. Your customers/clients need to be sure that all their data is current and accurate, and that no manipulation of the data can take place.
Furthermore, to ensure the integrity of information, the data needs to be frequently backed up while remaining synchronous (i.e. whenever a change is made that change must reflect in the backup in as little time as possible).
Safeguards can also be put in place to ensure that no data is duplicated or stolen.
With regard to information storage and access, trust is built when your data subjects know that their data will always be available when and where they need it. Readily available data and the ability to request changes to the data with little to no delay are ways to build trust and assure data subjects that you are handling their data ethically.
At the end of the day, how you handle information is a question of ethics. What the POPI Act brings is a sense of relief in a modern age that there will be repercussions for the mismanagement of data and that there is greater regulation of data management.
The POPI Act offers the everyday consumer more protection against unwanted marketing and unethical data practices — practices that had previously been allowed to go on for too long. For those who are still lagging behind, failure to become fully POPI Act-compliant will hold serious consequences.
To ensure that your data processing matters are in order, contact your trusted adviser to assist you with the compliance journey.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your adviser for specific and detailed advice. Errors and omissions excepted (E&OE).