POPIA Disclosure Requirements – Other Purposes
Take a scenario where a company is processing the personal information of a data subject beyond the original purpose for which the information was collected. To comply with POPIA, the correct thing would be to disclose that the company will be processing the information for other purposes and to list these. The customer must also be given the option to say no thank you, or to “opt out” as the legislation calls it.
Where a company is processing personal information, a good practice for staff is to always check that the purpose of the processing they are doing is in line with the original purpose for which the information was collected. If they believe it is not, they should contact the appropriate management in the company to make sure that the correct disclosures have been made to customers.
Self-regulation within organisations
Consider a staff member who receives a customer’s personal details with the intention to market other products to them, for example Health Care or Investment products, when the person had originally approached the company to take out Life Insurance. The staff member would need to satisfy themselves that they are not breaching POPIA rules. This would be done by first checking whether the customer has been notified and secondly checking that they did not choose to opt out. This will be covered in more detail in a later article that deals with data subject preferences and consent.
Opportunities to comply with the POPIA Regulations
All the details regarding Disclosures and the six other workstreams that make up the full requirements of the POPI Act can be found in the TOSMS online training programme, The Complete Guide to the Protection of Personal Information Act.
The POPI Regulations have recently been published by the Information Regulator. Should one need to carry out an assessment of Disclosure requirements (or an assessment for other workstreams) in an organisation, one can obtain access to the TOSMS online ASSESS application and carry out a self-assessment to understand where one does not comply with the Regulations. Contact TOSMS to find out more.