POPIA Disclosure Requirements – Details of Responsible Party
One of several seemingly obvious disclosures required at collection, is the disclosure of the name and address of the responsible party. In an example where someone takes out a life insurance policy, one knows the details of the responsible party because of choosing to approach that specific insurance company. However, take a different example where the responsible party details are not that obvious.
When it is not obvious who the responsible party is
Take a situation where a retail outlet is approached by a micro-lender to sell their short-term loan product to the retail outlet’s loyalty card members. The retailer agrees and hands over their database to the micro lender, who then drives a marketing campaign to target those members.
Assume that everything is above board as far as the prior disclosure made to the members about this processing. Who would be the responsible party in this example?
Determining who the responsible party is
The key point in this example is that the responsible party would be the retail outlet who gave permission for the micro lender to market to their database. It is the retail outlet that determined the means and purpose of processing. (The “means and purpose” principle will be covered in a future article.)
In this example, the micro lender would have to disclose the name and address of the retail outlet (the responsible party) on the loan application form in the campaign marketing leaflet.
All the details regarding Disclosures and the six other workstreams that make up the full requirements of the POPI Act, can be found in the TOSMS online training programme: The Complete Guide to the Protection of Personal Information Act.