Ricochet News

POPIA: Is the protection of personal information in terms of POPIA in force?

By Bardine Hall (BA LLB) - Sep 12, 2017
POPIA: Is the protection of personal information in terms of POPIA in force?

The Protection of Personal Information Act, 2014, (Act 13 of 2014), (POPIA), was assented to on 19 November 2013.

Only certain sections of POPIA are currently in operation. On 11 April 2014, sections 1 (Definitions), 112 (Regulations), 113 (Procedure for making Regulations) and Part A of chapter 5 (Information Regulator) were brought into operation in order to appoint the Information Regulator and to allow the Minister to develop and draft regulations.

It is expected that POPIA will be brought into full operation once the regulations under POPIA have been drafted and promulgated. In terms of section 113 of POPIA the draft regulations must be published for public comment and consulted with the Information Regulator before it is finally promulgated.

Once POPIA is fully in operation, it will safeguard the personal information received, collected or disseminated from your business clients during the course of your business operations.

The purpose of POPIA is to prevent the misuse and abuse of your clients’ personal information for instance through identity theft and unsolicited marketing.

POPIA will not prevent the processing or sharing of the personal information of your clients but will regulate how it should be done so that the information is safeguarded against misuse and abuse.

The Information Regulator recently released its strategic plan for 2017 to 2020. In terms of its strategic goals for the financial year 2017/2018 regulations will be developed.

From the strategic plan, it is apparent that the Information Regulator will adopt a developmental approach and will develop guidelines to assist industries to develop and improve codes of conduct regarding the protection of personal information.

Many industries and private bodies have started to implement the requirements of POPIA which is advisable, but it should be kept in mind that any measures implemented at this stage will have to be reviewed when the regulations and supporting instruments in terms of POPIA come into operation to ensure compliance with the regulations.

Once POPIA comes into operation, there will be a grace period of one year to implement the prescribed measures.

It will be important for industries and businesses that receive, collect or disseminate their clients’ personal information to closely follow the developments pertaining to POPIA during the next year to ensure readiness, to receive advice on how to comply and possibly to influence how the Information Regulator will implement POPIA by submitting comments on the draft regulations when published.

For more information or advice, contact us at Goldberg & de Villiers Inc on 041 501 9800