Picture: Sillicon Republic/Shutterstock
Any business that shares customers’ data without permission will be contravening the Protection of Personal Information Act (Popia), and they could be fined thousands of rands.
Popia is an act that protects protect people’s personal information; and regulates how companies and organisations handle personal data. The act also gives individuals control over their own information.
Tayyibah Suliman, head of the technology and communications sector at Cliffe Dekker Hofmeyr (CDH) says there are dangers in sharing customers’ data and some businesses are not aware of them.
Before sharing the dangers, she first makes an example of when Facebook was ordered to pay $1.4 billion by the Attorney General of Texas for sharing customers’ data without them knowing.
ALSO READ: Information regulator slaps DoJ with R5m fine for contravening privacy act
Suliman says the Facebook ruling should serve as an example to many businesses who have access to people’s personal data. In 2022, Facebook was fined for capturing the biometric information from its Texan users’ photographs and videos for commercial purposes without their consent.
She adds that Facebook disclosed it illegally collected personal information for other entities while failing to destroy this information within a reasonable time. “Secondly, Facebook engaged in false, misleading, and deceptive acts and practices which were alleged to violate the Texas Deceptive Trade Practices Consumer Protection Act, Tex. Bus. & Com. Code 17.41.”
The lawsuit against Facebook for the two violations amounted to $35 000, but because violations like these could reach hundreds of billions of dollars, Facebook decided to enter into a settlement agreement of $1.4 billion with Texas.
ALSO READ: Google blocked 5.5 billion ads for policy violation in 2023 – report
Suliman says it is important for businesses to ensure that their data compliance policies and practices are aligned with the relevant legislature to avoid potential liability. She encourages businesses to process data for the purposes which the data subject has consented to.
It is also advisable that personal data should not be stored for a long period of time to avoid it being stolen for ill means. “Every single business needs to be honest about the purpose for which they are collecting the personal information and the intended processing of the information.”
Anybody who contrives the Popia faces 10-years imprisonment and/or a fine, which is not included in the Act.
“In terms of section 108, a magistrate’s court will have jurisdiction to impose any of the penalties in section 107 of the Act. Under section 109, the Information Regulator may also impose penalties against a business for the contravention of Popia.”
ALSO READ: Dis-Chem investigating after hackers access people’s personal information
She shares eight tips which businesses can follow when it comes to protecting the rights of consumers regarding their data.
“It is important for businesses to carefully consider their existing data processing policies and ensure that they are Popia compliant.”
Download our app and read this and other great stories on the move. Available for Android and iOS.
