We’ve spoken to a lot of people about the Protection of Personal Information over the past few years, and during that time we’ve received a lot of questions. By sharing these questions, and our answers, we hope to shed some light on the fundamentals of this piece of regulation..
DISCLAIMER: We are not legal experts. Our guidance is based on practical experience by assisting other organisations, like yours, to get compliant. We always recommend that you retain legal counsel to advise on the legal aspects of the Act.
What does PoPIA stand for?
PoPIA is the acronym for the Protection of Personal Information Act, Act no 4 of 2013.
What is PoPIA?
PoPIA protects our Constitutional Right of privacy. It does so by introducing measures whereby personal information processing by organisations is fair, responsible and conducted in a secure manner.
The Act was signed into law in November 2013, with certain sections of the Act coming into effect on the 11th of April 2014. These include sections dealing with the establishment of the Information Regulator, the procedure for making regulations, and the nature of the regulations that the Information Regulator may make, amongst other things.
Why do we need PoPI?
With the advent of the internet, personal information has become increasingly accessible. The need for putting regulation in place to govern the access, use and storage of such information became apparent as the misuse and abuse of personal information started to occur.
This is not just a domestic issue. The protection of privacy is a global issue and stringent protection thereof is now the international norm. In Europe, Canada, and Australia and – to some extent the United States of America – this has been the case for more than 15 years. By introducing PoPIA, South Africa is moving closer to the global acceptable standard. The South African privacy legislation is in fact based on the privacy guidelines of the European Union. Ours is the world’s 101st data privacy law and the 11th in sub-Saharan Africa.
PoPI regulation is not just about data protection, however. It is also about opening new opportunities as trade barriers that have existed – for example with the European Union with its very strict data protection laws – will be eased.
Haven’t we been working with compliance the past 4 years? Why the renewed urgency?
It is true that a lot has been said and done in the compliance arena in the past 4 years, but that specifically pertained to the Broad-based Black Economic Empowerment (BBBEE) regulation. The Protection of Personal Information (PoPI) Act is an entirely different field of compliance though and is related to consumer protection.
Where can I find the PoPI Act?
For the complete wording of the PoPI Act, click here.