POPI refers to the “Protection of Personal Information” Act. The purpose of the Act is to regulate the processing of personal information. Personal information broadly means any information relating to an identifiable, living natural person or juristic person (companies, CCs etc.) and includes, but is not limited to:
- Contact details: email, telephone, address etc.
- Demographic information: age, sex, race, birth date, ethnicity etc.
- History: employment, financial, educational, criminal, medical history etc.
- Biometric information: blood type etc.
- Opinions of and about the person
- Private correspondence etc.
Processing broadly means anything done with the Personal Information, including collection, usage, storage, dissemination, modification or destruction (whether such processing is automated or not).
Some of the obligations under the POPI Act are to:
- Only collect information that you need for a specific purpose
- Apply reasonable security measures to protect it
- Ensure it is relevant and up to date
- Only hold as much as you need, and only for as long as you need to
- Allow the subject of the information to see it upon request
Non-compliance with the POPI Act could expose the Responsible Party to a penalty of a fine and/or imprisonment of up to 12 months. In certain cases the penalty for non-compliance could be a fine and/or imprisonment of up to 10 years.
By Dave Lake – Managing Director