Protection of Personal Information Act: Is your HR function compliant?suzette
The Protection of Personal Information Act, Act No 4 of 2013 (“POPIA” or “POPI Act”) was signed into law in 2013, but most of the operational provisions of the Protection of Personal Information Act, No. 4 of 2013 (POPIA) only became effective recently, on 1 July 2020.
There is a 12-month grace period (until 30 June 2021) by which to comply with the comprehensive requirements set out in POPIA. Non-compliance can result in significant penalties – up to 10 years’ imprisonment and/or R10 million in administrative fines.
The purpose of this legislation is to protect the personal information of citizens, which is obtained and processed by both public and private institutions. It also attempts to balance the right to privacy with other rights such as access to information.
Personal information is defined by POPIA as information relating to an identifiable, living, natural/juristic person, including but not limited to:
- Demographic information – age, gender, race, date of birth, ethnicity etc.
- Contact information – telephone number, email address etc.
- Opinions of and about a person or group
- History – employment, financial information, medical history, criminal history as well as educational history
- Biometric information – blood group etc.
- Private correspondence
The Act applies to any person or organisation who keeps records relating to the personal information of anyone, unless those records are subject to other legislation, which protects such information more stringently.
Some of the obligations of businesses under the POPIA include:
- to only collect information for a specific purpose;
- to ensure that the information is relevant and up to date;
- to have reasonable security measures in placer to protect the information;
- to only keep the necessary information; and
- to allow the data subject to obtain or view his or her information on request.
In order for your company’s HR function to comply with the POPIA, we suggest the following interventions which Joubert & Associates can assist with:
- Training session with Senior Management Team on the POPIA implications for HR Management.
- Planning session with Senior Management Team to derive an action plan (including but not limited to compiling a policy, updating contracts / agreements, consent documentation, training for staff, appointment of Information Officer etc.) for compliance.
- A POPI HR audit to determine risks.
- Implementation of POPI HR Policy & Action Plan.
Contact us as soon as possible to schedule a training session to kick start the road to POPI HR compliance.
To view the full act: https://www.justice.gov.za/inforeg/docs/InfoRegSA-act-2013-004.pdf