To understand the full impact of POPI you need to look at what the Act defines as a record holding personal information. In a previous post A More Practical Approach to Personal Information we covered the types of records that were the biggest culprits.
What is a record?
However, to adequately answer the question: ‘What is a record?” when referring to POPI, it is important to look broader than this. If your company is in the security business and deals with a lot of CCTV footage, for example. If the footage contains coverage of people coming in and out of buildings, this could represent a large component of their record.
Here are the basics of what the POPI Act defines as records.
Firstly it refers to record types. It is any recorded information regardless of form or medium, including:
- writing on any material;
- information produced, recorded or stored
- by means of any tape-recorder, computer equipment, that is hardware and/or software or other device,
- label, marking or other identifier;
- book, map, plan, graph or drawing;
- photograph, film, negative, tape or other device where the visual images are contained to be able to be reproduced.
Then the act refers to records in relation to the Responsible Party. It includes records that are:
- in the possession or under the control of a responsible party;
- whether or not it was created by the responsible party; and
- regardless of when it came into existence.
We now have a fuller picture of what constitutes a record containing personal information.