Picture: iStock
If you go anywhere these days you are required to fill in your personal details so that you can be contacted if someone who was in the same place and the same time as you tests positive for Covid-19.
Before the pandemic you had to enter your personal information whenever you entered a building or secured estate or business park.
The good news is that your personal information will become protected in 41 days when some provisions of the Protection of Personal Information (Popi) Act come into effect for everybody who has access to your personal information.
With impersonation fraud, where fraudsters take your personal information to spend money in your name, increasing an astounding 377% last year and marketing communication bombarding us on all possible platforms, consumers are rightly concerned about how their personal information is used and stored.
ALSO READ: Identity theft up by 337% in 2020, fraud summit hears
Sections 2 to 38, 55 to 109, 111 and 114 of the Popi Act came into operation on 1 July 2020, with section 114 giving entities 12 months to get ready to comply with the act from 1 July 2021. It is high time, as the act was promulgated in 2013.
The purpose of the Popi Act is to:
According to section 5, your rights are to:
According to section 6 of the act, it does not apply to the processing of personal information in the course of a purely personal or household activity or when it is done by or on behalf of a public body that involves national security, including the identification of financing terrorist and related activities, defence or public safety or to prevent or detect unlawful activities and prosecute offenders.
ALSO READ: One day before WhatsApp privacy policy update kicks in – how safe are you?
The protection of your personal information form part of eight different conditions that will ensure your rights are protected, namely accountability, limited use, purpose specification, limited further use, information quality, openness, security safeguards and data subject participation.
The Regulator can grant an exemption for processing personal information even if it is in breach of a condition if it is in the public interest or it has a clear benefit for you and others that outweighs the chance of interference.
Public interest includes national security, the prevention, detection and prosecution of offences, important economic and financial interests, compliance with legal provisions, historical, statistical or research activity or freedom of expression.
The personal information of children may not be used without consent. It can only be used if it is necessary to establish, exercise or defend a legal right or obligation, comply with international public law, for historical, statistical or research purposes, has been made public already with consent.
ALSO READ: ‘WhatsApp needs our permission,’ says SA’s Information Regulator
Section 69 of the act provides that processing of personal information for direct marketing is prohibited unless you gave permission or are a client of the entity. Entities can also only ask you once for permission.
If you are a client your information can only be used if it was obtained when you gave it while buying a product or service or for direct marketing. You must also get the opportunity to object free of charge to the use of your information gathered during direct marketing.
Communication for direct marketing must identify the entity and give an address where you can ask for the communication to be stopped.
Visit the Regulator’s website on www.justice.gov.za/inforeg/index.html or send email to inforeg@justice.gov.za.
Download our app and read this and other great stories on the move. Available for Android and iOS.
