Countdown for Compliance - Protection of Personal Information (POPI) Act
Have you ever registered to take part in an event sponsored or hosted by some company and then, a few months later, started receiving those infuriating, persistent cold call sales from that very same company? The exact details of your own experience may be slightly different, but you probably recognise the broad strokes.
In the past, there have been few safeguards on how personal information is used. Databases of personal information were bought and sold between companies making people unsure what filling in any kind of form or accepting the T&Cs meant.
The POPI Act was implemented to prevent this from happening.
The Protection of Personal Information Act (Act No 4 of 2013), more commonly known as the POPI Act or POPIA, advocates the right to privacy of persons by governing the acquisition, use, transfer, storage, and termination of personal information by companies or organisations or any other person that holds personal information. Although POPI was initially promulgated in November 2013, the Act has recently come into full effect, and as of 1 July 2021, companies need to ensure that they are fully compliant or face fines of up to R10 million and jail time.
While everyone must get acquainted with POPI, it is a hefty 149-page document. To make it easier for you, we have answered two major questions on what the Act means for PBA Financial Services and how it relates to your personal information.
1. What counts as personal information?
As we said above, the POPI Act's purpose is to keep persons’ personal information as private as possible while enabling other persons such as businesses to go about their everyday operations. The Act defines personal information as any form of information that can be used to identify a person [own emphasis] POPI is deliberately broad and covers the following information:
ID or passport numbers
Age and date of birth
Online or instant messaging identifiers
Gender, race, national/ ethnic/ social origin
Marital status and family relations
Religion/ culture/ beliefs
Education/ medical/ financial/ criminal or employment history
Physical and mental health information
Membership to organisations or unions
Photos and video footage (CCTV footage, voice recordings and biometric data).
2. Who is affected by POPI?
Well, to put it simply, just about everyone. Although most, if not all, companies will be affected by the Act, certain industries will be affected more than others. For example, companies that handle a large pool of personal information – think banks, medical aid and (you guessed it) insurance brokerages. The enforcement of the POPI Act has highlighted the importance tenfold of securing our clients' personal information.
To ensure that PBA is fully compliant with the POPI Act, various conditions need to be met. One condition involves the quality of information. This condition requires that our client’s personal information is accurate, complete, up-to-date, and reliable for its intended use. This means that we may need to request our clients to update their information, such as FICA and the latest residential address, and confirm that it is still relevant. We would like to also stress to our clients the enforcement of POPI has important implications for the access of information. For example, PBA can give you access to any of your personal information on request, BUT only if it relates to you or your family if it's applicable and only if it is lawful. Therefore, if you would like to access, correct, update, or remove their personal information, you will be required to submit this request in writing.
To recap, the POPI Act is a ‘code of conduct’ for all businesses designed to protect the personal information of individuals collected, processed, stored, or shared. Personal information refers to any information that can be used to identify a person. Last but not least, this Act ultimately supports the trust relationship between PBA and our clients by creating a transparent process.
For further information or any concerns about the POPI Act, contact a PBA financial advisor.