Five things all SA businesses need to know about POPI

| 18 February 2015

Sudashan Naidoo, Managing Director of Nashua Maritzburg

One new text message. A quick scan of the message reveals an irrelevant store promotion, for which you didn’t subscribe. You delete the message, but the question remains: how did the sender find your details? This kind of invasive messaging is exactly what the Protection of Personal Information Bill hopes to stop.

The Protection of Personal Information Bill (POPI) sets strict guidelines for what companies can do with the information of their customers – limitations that will significantly impact many local businesses. It implies a moral obligation on the part of the business to take responsibility for the information they hold, and to use it only as needed.

Organisations that deal with the information of customers on a day-to-day basis will be required by law to comply. As a result, it’s hugely important for small and large business owners to stay in the know and to tackle it head-on, observing the Bill on every level. Familiarising yourself with POPI and its requirements is the best way to stay on top of this legislation.

Need a POPI crash-course? Nashua has outlined five things you need to know:

It’s far-reaching: Not sure if POPI applies to your business? If you collect, use, store or destroy ID numbers, cell phone numbers, addresses, demographic information (including age, ethnicity, sex, and so on) or personal and employment history, then the answer is yes. The Bill is farther reaching than many assume – it even extends to individuals’ personal opinions and private correspondence.

Non-compliance is not an option: Organisations will only have one year from the commencement date to comply with POPI, otherwise they’ll face serious consequences. These include up to ten years in jail or R10 million in fines. It’s simply not worth the risk.

It empowers the individual: An individual’s right to privacy in terms of POPI means they can enquire whether an organisation holds any of their private information, exactly what data is held and why. Organisations are compelled to disclose this information.

It’s specific: Information must only be collected with the consent of the individual, for a specific purpose and only stored for the necessary amount of time. POPI also specifies that any personal information collected should be the bare minimum.

It’s helpful: Although the Bill may seem limiting, it will ultimately refine your organisation’s database. Use it as a tool to implement systems that manage information efficiently and you’ll secure your database and avoid future breaches of information.

Navigating today’s vast digital landscape is becoming increasingly difficult for the consumer. Organisations might see POPI as unduly restrictive and exacting, but it forms part of much-needed new legislation in South Africa. The end result will be transparency and an increase in customer confidence, which is always good for business.

Need to align your business with POPI? Nashua offers document management solutions that specialise in data storage for any size organisation, in compliance with the latest regulations. Explore the varied options available here or visit Nashua’s Facebook page for more information.