ETHICAL PROCESS OUTSOURCING - Time to Become POPI Compliant!
“ Where did you get my number !? ’’
How many times have you heard someone scream this in frustration down their 'phone? Well, those days are almost behind us! Great news, soon there will be no such thing as being dialed 100 times a month by numerous different companies or even by your current service providers, where they offer products or services that definitely don't fit your buying profile or lifestyle!
There was a time where you would get so angry at being harassed through telephone calls from contact centres as well as being spammed- email with relentless offers, that you'd try and call the company to remove your details from their database only to get a blasé agent who promises to "OPT you out" ... and a week later you get called again!
There is a solution... real consumer power at last!
South Africa has passed the Protection of Personal Information. Act no 4 of 2013, also known as POPI, in November 2013 meaning that South African consumers are now able to demand information on how their personal information was accessed by marketers or other companies. The Act protects our Constitutional Right of Privacy.
Definition of Personal Data
“Personal Information” is defined broadly to include information relating to both an identifiable, living, natural person, and where applicable, an identifiable juristic person and includes;
information about a persons'...
race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth information relating to education, medical, financial, criminal or employment history.
- any identifying number, symbol, email address, physical address, telephone number or other particular assignment to the person
- the blood type or any other biometric information of the person;
- the personal opinions, views or preferences of the person;correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the correspondence;
- the views or opinions of another individual about that person; and
- the name of the person, if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
Some privacy, at last!
The news is that, on the 7th of September, the South African National Assembly voted in favour of the appointment of the Information Regulator for PoPI and PAIA. Parliament voted for the five nominated candidates to run the newly-formed office of the Information Regulator.
The recommendation has been referred to the Minister of Justice and Correctional Services.
The office of the Information Regulator is represented by;
Advocate Pansy Tlakula Chair
Advocate Adelia Stroom Full time member
Johannes Wepond Full time member
Sizwe Snail Full time member
Professor Pistorius Part time member
In the performance of its functions, the Regulator is obliged to have due regard to and take account of:
- the information protection principles;
- the protection of all human rights and social interests which compete with the right to privacy (including the desirability of the free flow of information);
- international obligations accepted by South Africa; and
- developing international guidelines relevant to the protection of individual privacy.
There are eight information protection principles or conditions, namely, accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation.
At the very least to be compliant companies should endeavour to;
- Assess its Own Risk
- Draft a Privacy Policy
The complexity of what you need to do to get your organisation POPI - compliant
depends on;
Are you convinced that your organisation needs to be POPI compliant?
With a R1, 000 000 starting fine if found with data that is illegally held is just a small taster on the shake -up that is due to happen in these next few months. No doubt, with the regulator in place, companies should look at aligning themselves, take every action to get as inspection-ready as possible as it is clear to me that one 'fat cat' corporate will prove to be an example as to the seriousness of this regulatory business process when the rounds start.
Hologram Consulting now offers POPI services, unlocking cutting edge, cost-effective solutions that work. Painlessly integrating POPI into business with quantifiable, value-driven results, Hologram Consulting is able to understand that your organisations' unique situation is the starting point of the journey to complying to POPI- and that it is also the biggest challenge.
Start the data journey today, mitigate risk, create and monetize data assets, know where your hidden data strengths are and, most advantageously, get compliant and gain competitive edge by becoming a more ethical business through implementing ethical business practice measures.
For more information on POPI services you can contact me on;
Valerie Roscoe
valerie@hologramconsulting.co.za
Hi Valerie, Thanks for sharing this valuable piece of information