POPIA Disclosure Requirements
There are a number of POPIA disclosure requirements that appear in different sections of the POPI Act. TOSMS have consolidated these into a workstream, or logical grouping of work, called “Disclosures”. This is covered in Section 5 of the TOSMS online POPIA training programme: The Complete Guide to the Protection of Personal Information Act.
This article forms part of a series of POPIA articles written by TOSMS. The intention is to give readers insights into what it will take to implement a sustainable POPIA solution in an organisation. The series starts here.
Major focus on disclosures for data subjects
A good starting point is where there is a major focus on disclosures in the Act. This is where a company collects personal information about a data subject.
POPIA stipulates a number of requirements that have to be communicated to the data subject at the point of collection where certain circumstances apply.
The first disclosure at collection deals with your purpose for processing the data subject’s personal information.
Purpose is one of the cornerstones of POPIA
Purpose is one of the cornerstones of the legislation. It needs to be a central focus when considering the processing of any personal information in a company. Many of the rules in POPIA rely on information about purpose for the action that must be taken.
Collection of details solely in service of the contract?
On the surface, the whole issue of Purpose that is covered in POPIA seems like a pretty straightforward requirement. Take an example where someone goes to an insurance company to take out life cover. When they are busy filling in personal details and signing the application form, they are well aware of the purpose for which the insurance company is collecting their details, to service their contract. Or so they believe…
The next article will cover the question that arises, whether the collection of personal data is solely in service of the contract?