We would like to introduce companies to a different way of thinking and more practical approach to personal information. It will help when a company starts to look at processes and when trying to establish what the impact of POPI is on what staff in a company do.
From now on, instead of thinking of personal information as just a collection of all the types of detail covered in the POPI Act under the definition of personal information, think rather of a record – like one would find in a spreadsheet. The record is made up of a number of different fields and some of those fields contain personal information, as listed in the definition.
This just makes it a lot easier to get one’s head around the kinds of processing that happens and all the rules that will be covered in future posts associated with different processing.
Bear in mind that POPI also applies to paper-based records. In fact, it is best to group the types of personal information you would find in your workplace broadly into the following main categories:
- Customer, supplier and employee database records
- Customer, supplier and employee paper-based files, and
- Customer, supplier and employee electronic documents.
It is important to understand that there are electronic documents like PDFs and Microsoft Word documents. Then there are extracts from applications in spreadsheets and other formats. And then there are the emails with personal information in the form of correspondence with all kinds of attachments.
This is the picture that TOSMS uses to illustrate the types of records in a company based on our experience over ten years. We call this the “80/20” position. These are the record types that are the biggest culprits when it comes to holding personal information and probably apply to 80% of companies.