Quick Guide There was a grace period on Section 58(2) which ended on 1 Feb 2022. This grace period allowed you to continue processing while your application for prior authorisation was in progress. From now on, you will have to suspend processing while you wait for your authorisation decision under threat of penalty (see [...]
The presidency has announced that most sections of the POPI Act will commence on 1 July 2020. This long awaited announcement means that the 1 year grace period to achieve compliance will start on 1 July and that organisations will need to achieve compliance by 1 July 2021. The Act does make provision for extending [...]
The Information Regulator has published Regulations for the POPI Act. These can be downloaded from the justice.gov.za/inforeg website.
A lot has been made of the maximum penalties in POPI. How exposed are business owners really to long jail terms and large fines? The often quoted R10m and / or 10 years imprisonment provision is a maximum penalty and only applies if you: hinder, obstruct or unlawfully influence the Regulator POPI s100 fail to comply with an [...]
Am I an 'operator' or 'responsible party' under POPI? It’s important to know whether you are regarded as an 'operator' or 'responsible party' under POPI. Both have certain obligations but the responsible party has a much broader responsibility. To determine if you are an operator, you can ask yourself whether you: Process the data solely in the interest [...]
#ProtectingPrivacy An interesting thing happened on Twitter last night. DA leader Mmusi Maimane tweeted a list of candidates from the opposing party. The list contained name, surname, ID number and other details. Someone responded by publicly tweeting a screenshot of the Maimane's tweet - including the list - asking 'Can we sue Mmusi for posting people's names and ID numbers on social [...]
Retain only as long as necessary POPI requires that 'records of personal information must not be kept any longer than is necessary for achieving the purpose for which the information was collected..." Section 14(1) Practically this may be one of the most difficult provisions to comply with as it requires a very clear picture of all purposes [...]
Likelihood of regulatory enforcement When looking at enforcement of privacy legislation in Europe it appears that there is a low level enforcement. 1 For example, the UK Information Commissioner's Office reports only 84 enforcement actions during the whole of 2014. 2 It remains to be seen how active the South African Information Regulator will be in enforcing [...]
Weak passwords Imagine a vault encased in thick steel walls, inside a building with a state of the art alarm system with guards and dogs patrolling the 4m high electrified perimeter fence. Now imagine that a master key capable of opening the gate, front door and vault can be bought for R10 at the local hardware store. This is [...]
How to register your Information Officer Quick FAQ #1: Your organisation, charity, school, club, etc does have an Information Officer under POPIA, and your IO does need to be registered. Quick FAQ #2: Your organisation, charity, school, club, etc does have to comply with both PAIA and POPIA. The Information Regulator has provided guidelines and [...]