Section 14 of the South African Constitution provides that everyone has the right to privacy. The Protection of Personal Information Act, 2013 (POPIA) protects and enforces this right by promoting the protection of personal information processed by public and private bodies, and seeks to balance everyone's right of access to information while ensuring that no one's rights are disregarded.

Despite the POPI Act being published years ago, the majority of the regulations have yet to be enforced. On the 22nd of June 2020, the Presidency declared that the Act would take effect from 1 July 2020. It was made clear that all entities are expected to start implementing the Act as soon as possible; however, all entities will have to ensure compliance with the Act within 1 year from its commencement, therefore by 1 July 2021.

What is defined as personal information?

Personal information is essentially any information that can be used to identify a person. This includes name, identity number, age, race, addresses, or biometrics. The Act provides extended examples.

Does this affect agricultural businesses? 

Yes, all private and public entities are subject to this Act, which requires you to establish measures that ensure that you only collect, use, store, delete, and otherwise handle personal information in permitted ways and that it is appropriately protected from unauthorised access or loss.

What should I do to comply with POPI?

  • Step 1: Read through the Act, but especially focus on the Eight Principles listed in the Act, as they govern how information should be processed.
  • Step 2: Review your current practices in terms of information gathering, storage, and distribution. Make sure you review the following:
      • Do we only gather personal information that is needed?
      • Do we keep the information safe and not share it with any unauthorised body?
  • Step 3: Communicate to all workers the reason for collecting certain personal information and explain how the information will be protected and when it will be shared.
      • Make sure workers agree that you can share their information for legal purposes, such as UIF, tax, etc.
      • Make sure workers understand that their information might also be shared for compliance and export purposes, such as SIZA audits.
  • Develop a privacy policy that clearly stipulates the business's commitment to protect personal information and declares that it will only be shared for purposes agreed to between business and employee, which is in the interest of both parties.

More information: