Purpose of the POPI Act
The purpose of this Act is to give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations that are aimed at balancing the right to privacy against other rights, particularly the right of access to information amongst other thing.
The link between PAIA and POPI
In terms of our Constitution of the Republic of South Africa 1996, The Promotion of Access to Information Act, No. 2 of 2000 and The Protection of Personal Information, Act 4 of 2013.
Section 14 provides that everyone has the right to privacy, and this includes the right to protection against the unlawful collection, retention, dissemination and use of personal information.
• The Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”) was enacted to give effect to this constitutional right of access to information.
Section 32 of the Constitution states that “Everyone has a right of access to any information held by the state and any information held by another person that is required for the exercise or protection of any rights.”
• The Protection of Personal Information, Act 4 of 2013 (“POPI”) seeks to cover this as it regulates data protection and seeks to control the processing of personal information by both public and private bodies. The proclaimed commencement date of POPI is 1 July 2020.
How do you compile your PAIA and POPI manuals – 2 basic steps…
PAIA
What personal information does your information officer currently hold in order to operate efficiently? Scrutinise what you have and determine if you have any more information than you need. If you do, get rid of it!Don’t keep any unnecessary info, the more personal info, the higher your risk.
POPIA
How are you going to protect that information you just mentioned? What IT controls, locked cupboards, access controlled areas etc will you put in place? How will you limit access to only those who need to see it ? It is the responsibility of the information officer to ensure that the personal data is safe and secured. What if there’s a breach?
Formalised manuals that must be documented, signed, implemented and lodged with the IO
• Appointment of the information officer – where does the buck stop?
• Training all those responsible for receiving and using the personal information, to avoid data breaches
• Strategic risk management
• Data Mapping –what’s the information flow of data through the organisation, so you can assess risks at different points
• Employee info –Sindy will talk about
• Privacy policy
• Incident management –data breach, now what?!!
• Consents
• OTHER INFORMATION PERTINENT TO YOUR ORGANISATION
Women In Business
Above all else, apply logic. Apply the reconciliation
We would like to encourage entrepreneurs, who are not yet members of WIB, to become members.
- Click on this link to access the Membership Application document: https://forms.gle/cSfTZF2jYLFjAK886
- What are the benefits of being a member of WIB: click here to find out https://womeninbusiness.org.za/members/
- You are welcome to join our Women In Business WhatsApp Group: https://chat.whatsapp.com/JSeeh7153tdJrd6pcQcs1v
- or
- You are welcome to join our Women In Business Telegram Group: https://t.me/joinchat/StBCT_zdKKs3oeS-
- Women In Business members are welcome to post on our Facebook Group: https://www.facebook.com/groups/wibmidlands