Commercial

POPIA (The Protection of Personal Information Act) is Now Law and the Clock is Ticking

After many false starts over the years (the pandemic causing one last delay this year), the enforcement provisions of POPIA (the Protection of Personal Information Act) have finally become law. 

The clock is ticking on the year’s grace period allowed for compliance and every business should be aware of the substantial implications of POPIA compliance, and of the equally substantial penalties and risks associated with non-compliance.  

Read on for a brief overview of how “personal information” is defined, of the eight principles underlying the Act, and of the various practical issues you should know of and prepare for.  

Globally, governments are responding to the vast amounts of information flooding into the public domain due to the growth in companies like Amazon, Facebook and Twitter. As much of this information is personal, POPIA seeks to regulate how this personal information is processed and stored.  

South Africa, like many countries, has a constitutional mandate to protect the right to privacy and POPIA is aimed at balancing this right with the necessity of processing personal information – employee salaries is an example. 

With the Act now in effect, you have a twelve-month grace period to comply with POPIA. By 1 July 2021, all entities that process personal information need to be in compliance with the Act.  

This has substantial implications for business and will be costly and time consuming to implement.  

A brief overview 

  • Firstly, what is personal information?  POPIA defines this as including: 
  • a person’s name (including a juristic person such as a company), 
  • contact details,  
  • religion, 
  • sexual orientation, 
  • personal views, 
  • private correspondence,  
  • health records, 
  • employment records,  
  • financial records, 
  • biometrics (DNA, fingerprints) 
  • There are eight self-explanatory principles which govern the Act: 
  1. Accountability  
  2. Processing limitation  
  3. Purpose 
  4. Further processing limitation  
  5. Information quality  
  6. Openness  
  7. Security 
  8. Right of access  
  • Further restrictions apply for the use of “special personal information” like political affiliation or sexual orientation.
     
  • A regulatory body known as the Information Regulator has been established with the following powers and duties:- 
  • Search and seizure powers 
  • May impose administrative fines  
  • May sue on behalf of the subject 
  • Can decide if the law is being complied with 
  • Receives and acts on complaints 
  • May issue notices 

It is a criminal offence to make false statements to, or to not comply with notices from, the Regulator.

  • The appointment of an Information Officer. In terms of POPIA this is deemed to be the head of the organisation, such as the CEO or sole proprietor. The person may delegate this to another person. The Information Officer is to register with the Regulator.The role of this position is to encourage and ensure compliance with the Act, to handle queries from outside the organisation on matters relating to POPIA, to liaise with the Regulator and deal with whatever has been prescribed. 
  • POPIA makes provision for cross-border uses of personal information 
  • In terms of direct marketing, there is a clause requiring opt-in. This is contrary to current laws where the norm is to require opt-out. This means permission must be sought from people whose information will be used, prior to direct marketing taking place.  The only exception is in respect of existing customers/clients. 

This transition period is going to be onerous on businesses. They need to determine what information falls into the Act, how it is used, protected, stored, who has access to it.  Businesses will also need to get the relevant consents from staff and other stakeholders. What privacy statements do you need to make, what protocols do you need to put in place over your information and website?

As there are onerous penalties (a fine of up to R10 million or ten years imprisonment) and these requirements concern the safety of your staff’s (amongst other) information, so it is well worth investing time and taking advice to start getting the right procedures in place now. 

This article is a general information sheet and should not be used or relied upon as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your financial adviser for specific and detailed advice. Errors and omissions excepted (E&OE)

What Happens if your Driver’s Licence Expires During the Pandemic and You Have an Accident?

If the thought of spending hours or days in a queue to renew your expired driver’s licence fills you with dread, you are not alone. Even before lockdown the testing centres were running behind in renewing licences and testing licence applicants, and the lockdown has naturally caused backlogs to soar. Centre closures as result of infection scares will continue to compound the problem. 

And of course not having a valid licence puts you at risk of having any insurance claims rejected – a prospect to be avoided at all costs. We share details of the recent and very welcome extension in “deemed validity” of driver’s licences, with some advice on contacting your insurer or broker to confirm cover. 

Driving licence test centres were closed during the lockdown and even prior to that centres were running behind in renewing driver’s licences and testing first time driver’s licence applicants. 

The Minister of Transport recognised these difficulties and gave motorists until August 31 to renew their licencesThat has now been extended to January 31 2021 and your licence is deemed to be valid if it expired during the period from March 26 to August 31. 

Check your insurance   

Insurance policies require you to have a valid driver’s licence and if this is not the case, the insurer is entitled to refuse any claim made. Even if your policy doesn’t specifically require a valid driver’s licence, there could still be difficulties in making a claim without a valid licence. 

It is worth contacting your insurance broker or company and getting written clarification of cover if your licence has expired or will expire this year.  

Car hire  

On a related topic, car hire companies will not allow car hire without a valid driver’s licence – check upfront that your “deemed valid” licence will be acceptedAnd as and when international travel becomes available to us again, remember that your destination country may still regard your expired licence as invalid 

Motor vehicle licence discs  

All motor vehicle licence discs, temporary permits, and roadworthy certificates that expired during the period from March 26 to May 31 are deemed valid until August 31 2020. 

This article is a general information sheet and should not be used or relied upon as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your financial adviser for specific and detailed advice. Errors and omissions excepted (E&OE)