Just how pervasive is POPI?

Before one looks at the details of the POPI Act itself, it will be useful to take a step back for a minute and look at what the major challenges are with this piece of legislation.

Firstly, it’s important to realise just how pervasive POPI is. What is meant by personal information?

The POPI Act includes personal information about staff, suppliers and clients. This applies to information held in records that include handwritten or typed content in paper or electronic medium. It also includes personal information in photographs, films, negatives, tape recordings, books, maps, plans, graphs or drawings.

Personal information is not just details about people. It also includes details about companies.

The kind of information being spoken about includes correspondence, opinions and various categories of special personal information such as details of people’s health, religion and race.

The POPI Act also covers details about education, financial, medical, employment and criminal history.

And if that is not enough, the POPI Act covers information kept from the past, even if it is not being used and has been stored away. The Act is also about future information and how it will be protected. So just sorting out the current processing is not enough.

Finally, the POPI Act is about virtually every action one can take on all this information. It includes processes like collection, storage, retrieval, updating, dissemination and removal or deletion.

POPI is a paradigm shift

Apart from being incredibly pervasive, the POPI Act is a paradigm shift. It means one needs to change the culture of an organisation to get these new rules to stick.

Take for example the scenario where someone comes into a room and steals someone else’s cell phone; or attacks them physically. In both these instances the norm is that such behaviour is outlawed. Now compare this to what happens when people have their personal information abused. The response is very different. What constitutes abuse of personal information is unclear.

There is a huge need to shift the attitudes and behaviours of staff. A big part of this process is ongoing education and reinforcement of a company’s message about protecting the personal information it processes.

More About Our Newsletter

References: Information contained in our newsletter includes extracts from the TOSMS online training program Introduction to Protection of Personal Information Act. The aim of providing this content is to assist individuals and companies in South Africa who are dealing with personal information about clients, suppliers and staff in coming to terms with the extensive requirements of the POPI Act. You will find more details on the course here.

Understanding POPI In Layman’s Terms: With the South African Information Regulator having been appointed, the next major announcement by government will be that of the effective date of the POPI Act. This announcement will kick-start the POPI one year transitional period and TOSMS decided to embark on an education initiative for subscribers to our POPI newsletter. What this means is that the POPI Act will be unpacked in bite-size chunks over the next year through a regular newsletter, to provide a useful reference for individuals impacted by the POPI Act. You can subscribe to our newsletter in the footer of our website.

We will include other articles of relevance from time to time. Mostly, we will be covering what is in our POPI training program.  While it will not be as comprehensive as the training program, it will expose the issues for you. You can then explore further where it triggers the need in your business to consider changes.