The Protection of Personal Information (POPI) Act explained
What is POPI:
In simple terms, the purpose of the PoPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way. The PoPI legislation basically considers your personal information to be “precious goods” and therefore aims to bestow upon you, as the owner of your personal information, certain rights of protection and the ability to exercise control over:
Examples of “personal information” for an individual could include:
It must however be noted that some personal information, on its own, does not necessarily allow a third party to confirm or infer someone’s identity to the extent that this information can be used/abused for other purposes. The combination of someone’s name and phone number and/or email address for example is a lot more significant than just a name or phone number on its own. As such the Act defines a “unique identifier” to be data that “uniquely identifies that data subject in relation to that responsible party”.
We have to accept that we now live in an information age and along with this progress comes the responsibility for each person to take care of and protect their own information. Do not accuse someone else of sharing or compromising your personal information when you publish the very same information on public services like Facebook, LinkedIn, Google+ or public directories. Modern technology makes it easy to access, collect and process high volumes of data at high speeds. This information can then be sold, used for further processing and/or applied towards other ends. In the wrong hands such an ability can cause irreparable harm to individuals and companies. To protect your right to privacy and abuse of your information, data protection legislation is necessary even if it means imposing some social limits on society to balance the technological progress. So remember: The PoPI Act cannot protect you if you do not take care to protect yourself.
It is important to note though that this right to protection of “personal information” is not just applicable to a natural person (i.e. an individual) but any legal entity, including companies and also communities or other legally recognised organisations. All of these entities are considered to be “data subjects” and afforded the same right to protection of their information. So this means that while you as a consumer now have more rights and protection, you and your company/organisation are considered “responsible parties” and have the same obligation to protect other parties personal information. As a company this would include protecting information about your employees, suppliers, vendors, service providers, business partners, etc.
The PoPI legislation is not a rare or unique phenomenon to South African law. Many countries have similar legislation in place to protect the personal information of their “data subjects”, including rules and regulations for international (cross-border) transfer and sharing of data. The general consensus seems to be that, apart from an unrealistic implementation period of one year and some practical implementation challenges, the PoPI Act is well thought out and it borrows from the “best of” other similar international laws, learning from their mistakes and shortcomings.
The Heather Park Neighbourhood Watch is mindful of our obligations under the POPI Act and as such we employ best practices when it comes to the storing and safeguarding of our member’s personal information.
For more information, please feel free to contact our secretary by clicking on our Contact Us page.
The original act can be accessed here: