Protection of Personal Information Act
Three important things to note here –
- Once the enforcement provisions are in effect you will have a one-year grace period before compliance is obligatory. After that date, any unlawful processing of personal information will cost you dearly,
- Even for smaller businesses compliance will be a time-hungry affair – hence the many warnings against leaving it to the last minute,
- Even before POPI is fully effective you are at risk if you don’t safeguard personal information.
To illustrate that risk -
- An insurance company employee phoned King Goodwill Zwelithini, King of the Zulu Nation, to offer him cheap insurance premiums. The employee called the King by his first name – a great insult.
- The employee’s profuse apologies (once informed of his blunder) apparently went at least some way to repairing the damage, but then a recording of the call found its way onto social media. That, it seems, was the last straw, and the King is reportedly now about to sue the company for damages.
- The interesting part is the Information Regulator’s response. It issued a formal media statement to the effect that it is engaging with the insurer about what “processes and measures they have put in place to comply with the conditions for lawful processing of personal information as prescribed in POPIA”. Of course, the Regulator cannot yet handle this matter officially in terms of POPI (nor can it officially address any of the many complaints relating to direct marketing already lodged with it), but it sounds as though an unofficial “rap over the knuckles” is in the offing if any unlawful processing of information indeed took place.
- The negative publicity generated in the media and the potential damages claim could well be the insurer’s bigger headache at the moment.
Provided by Van Zyl Kruger
© DotNews. All Rights Reserved.