The Protection of Personal Information (POPI) Act was first passed in 2013 in South Africa, with the aim of ensuring the protection of everyone’s personal data. The regulations for data protection were introduced as part of a global effort to ensure that confidential details, such as someone’s name, age and address, could not be stored or shared unless permission to do so was given by that person.
Although eight years have already passed since the law was first brought into effect, companies, websites and organisations were given a hard deadline of 1 July 2021 to comply with these laws. The act outlines regulations on how personal information can be processed in order to prevent this data from being stolen or misused.
The legislation applies to any individual or organisation that keeps records of personal information. These include your local security WhatsApp group and your personal messages to your doctor or therapist. The act aims to alleviate identity theft and data hacking, and is one of the primary mechanisms regulating personal privacy in South Africa.
Why was the POPI Act introduced?
Identity fraud, phishing scams, snooping and stalking are just some of the forms of invisible manipulation that led to an overhaul of data protection legislation. Let’s look at a couple of examples to understand some issues around personal privacy:
Thandiwe is a successful 35-year-old sales rep. She’s just received a bonus and is interested in buying a new car. Earlier this month, she bought a lot of expensive clothes online. She also applied for a home loan using a new web-based estate agent. Because her information wasn’t protected, the car dealership was able to build a picture of Thandiwe based on her browsing and purchasing history. The dealership has an idea of how much she can afford and will push for the highest possible price.
Adriaan is retired and lives a quiet life in a small town. He spends a lot of time watching online videos about how to get better at his hobbies. One day, he receives an email from his niece saying that she has run out of money while travelling abroad. The email includes personal information about Adriaan, such as where he lives and things he likes to do, such as gardening and painting. The man sends money to his niece, unaware that he has fallen victim to a phishing scam.
What these examples show is how our personal data can be used against us without our knowledge. Sharing our personal experiences on social media, doing web searches for the things that interest us, and engaging in e-commerce all result in our details being uploaded online.
There was a rising trend for third parties to have unauthorised access to our private details. The collection, processing, storing and sharing of someone’s personal information was previously unregulated. With the POPI Act, situations such as the ones described in these examples can be much more easily controlled.
What are the details of the Act?
Individuals do not need to give their permission for websites to process their private details, but websites do have to adhere to the strict conditions outlined in the POPI Act legislation. The most notable among them are:
- Websites or companies must get the information directly from the individual, rather than procuring it from a third party.
- Only necessary information can be stored.
- Personal information must be treated in a way that respects an individual’s privacy.
- Data collection must have a specific purpose. There must be a good reason for our personal details to be captured, stored and used.
- Information must be relevant and accurate.
- The data subject (i.e. the person whose data it is) can request to view or amend their information.
- The processing of personal information of children is prohibited unless it adheres to specific conditions, such as content by a competent parent or guardian, and if it is deemed to be absolutely necessary.
- The POPI act will not be enforced if it is deemed that public interest is more important than a breach of privacy. Examples of this include matters of national security, important economic interests of the country and official research or statistical activity.
What are different types of personal information?
- Contact details – Name, home and work address, email address and social media account details.
- Biometrics – Blood group, photographs, voice recordings, fingerprints, weight and height.
- Demographic information – Date of birth, gender, age, race or ethnic origin, marital status, citizenship and sexual orientation.
- Beliefs and opinions – Religious beliefs, trade union membership and political persuasion.
- Financial status – Bank account details, credit records and credit score.
- Personal history – Medical history, criminal records, education, employment history and personal correspondence.
How does the POPI Act promote internet privacy?
There are a number of ways that the act ensures our privacy as we work, play or shop online. By requesting to see our personal information, we can ask for it to be removed or corrected. This is especially the case for data that is inaccurate, outdated or misleading in any way.
Information that was illegally captured or purchased can result in some heavy penalties. Organisations and businesses can face fines of up to R10 million and/or prison time of up to 10 years for breaking the legislation.
The Act also promotes accountability and transparency. It stops websites from selling our data to third parties without express consent from private individuals. This legislation is far-reaching and all organisations need to adhere to the Act.
How can we protect our internet privacy?
The POPI Act helps us to control our digital life, but we also need to be aware of how we share our personal details online. Make sure you only provide your details to websites that are POPI-compliant and have the right security protocols in place. Websites are required to give an opt-in and opt-out option when it comes to using personal information for marketing.
Be careful which cookies you consent to. We all have a right to our own privacy and personal information. Knowing your rights goes a long way to ensuring your personal details will be stored and used fairly. The POPI Act is a landmark piece of legislation that brings South Africa in line with Europe in terms of personal information and online privacy. For more information about our fibre offerings or to get a quote for an internet upgrade, please contact us today or check if we’re connected to your address.