What is POPI: The Protection of Personal Information (POPI) Act explained
In simple terms, the purpose of the PoPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity's personal information by holding them accountable should they abuse or compromise your personal information in any way.
The PoPI legislation basically considers your personal information to be "precious goods" and therefore aims to bestow upon you, as the owner of your personal information, certain rights of protection and the ability to exercise control over:
- when and how you choose to share your information (requires your consent)
- the type and extent of information you choose to share (must be collected for valid reasons)
- transparency and accountability on how your data will be used (limited to the purpose) and notification if/when the data is compromised
- providing you with access to your own information as well as the right to have your data removed and/or destroyed should you so wish
- who has access to your information, i.e. there must be adequate measures and controls in place to track access and prevent unauthorised people, even within the same company, from accessing your information
- how and where your information is stored (there must be adequate measures and controls in place to safeguard your information to protect it from theft, or being compromised)
- the integrity and continued accuracy of your information (i.e. your information must be captured correctly and, once collected, the institution is responsible for maintaining it)
Examples of "personal information" for an individual could include:
- Identity and/or passport number
- Date of birth and age
- Phone number/s (including mobile phone number)
- Email address/es
- Online/Instant messaging identifiers
- Physical address
- Gender, Race and Ethnic origin
- Photos, voice recordings, video footage (also CCTV), biometric data
- Marital/Relationship status and Family relations
- Criminal record
- Private correspondence
- Religious or philosophical beliefs including personal and political opinions
- Employment history and salary information
- Financial information
- Education information
- Physical and mental health information including medical history, blood type, details on your sex life
- Membership to organisations/unions
It must, however, be noted that some personal information, on its own, does not necessarily allow a third party to confirm or infer someone's identity to the extent that this information can be used/abused for other purposes. The combination of someone's name and phone number and/or email address, for example, is a lot more significant than just a name or phone number on its own. As such, the Act defines a "unique identifier" to be data that "uniquely identifies that data subject in relation to that responsible party".
We have to accept that we now live in an information age and along with this progress comes the responsibility for each person to take care of and protect their own information. So remember: The PoPI Act cannot protect you if you do not take care to protect yourself.
Source: https://www.workpool.co/featured/popi/
-The value of this article is good, it gives us good information to protect our personal information.