SA Corona Virus Online Portal Logo



POPI becomes a Reality

The proposed amendments to the Financial Intelligence Centre Act (FICA), which is still awaiting signature by the President, takes on significant meaning in view of the court action instituted by the Minister of Finance on Friday for a declaratory order on government intervention in the affairs of banks and their clients.

The protection of data and personal information is becoming increasingly important. On the one hand, you have FICA requiring reporting on suspicious transactions and, on the other hand, the Protection of Private Information (POPI) Act which aims to safeguard privacy. Then, if, unlike most of us, you have a third hand, there is the Promotion of Access to Information Act (PAIA).

This reminds me of the rather cynical saying by George Bernard Shaw: A government that robs Peter to pay Paul can always depend on the support of Paul.

IT Web reported as follows on 16 September:

“The effective date for the Protection of Personal Information (POPI) Act could be before the end of this year, following the recommendation of Pansy Tlakula as chairperson of the newly-formed information regulator.”

“The industry has welcomed the much-delayed recommendation of Tlakula, as POPI will enable SA to be globally competitive on privacy matters and international data exchange laws.”

“POPI was signed by the president on 19 November 2013 and published in the Government Gazette on the 26 November 2013. On 10 May 2016, the Portfolio Committee on Justice and Correctional Services shortlisted five candidates for the office of information regulator.”

“The National Assembly recommended the appointment of the office bearers on 7 September 2016. As part of the process, Parliament invited everyone to nominate people and shortlisted candidates to appoint as members of the information regulator. The office of the information regulator will be made up of advocate Tlakula as chairperson, advocate Cordelia Stroom and Johannes Weapond as full-time members, and professor Tana Pistorius and Sizwe Snail as part-time members.”

The article, titled Industry awaits controversial Tlakula to stir POPI, also provides positive views from industry experts on the new incumbent’s experience, and how this will stand her in good stead in doing her job well.

The report also quotes Adrian Schofield, an ICT veteran, according to the article, as saying:

“Every entity’s information officer will have to register with the regulator. This is the other side of the PAIA coin – the Promotion of Access to Information Act required every entity to have an information officer to whom persons could apply to have access to information. That officer will now have to register with the information regulator – and presumably accept responsibility for compliance with POPI as well as PAIA.”

“Getting all that up to speed will obviously take some time but entities that process personal information must ensure their procedures are compliant immediately, if they are to avoid the risk of prosecution.”

In August, we published a two part article titled, POPI and your FSP, written by Alan Holton, on how the new legislation will impact on your business.

The introduction reads:

The Protection of Personal Information Act 4 of 2013 (“POPI” or “the Act”) was signed into law on 19 November 2013, but the commencement date of the Act has not been announced yet. It is important to note that once the effective date is finalized, FSPs will have one year before the Information Regulator will start enforcing the provisions of the Act.

POPI is not ground breaking stuff – FSPs are already bound by the provisions of S 3(2) of the General Code of Conduct. In terms of that requirement, FSPs may not disclose any confidential information acquired from a client, unless written consent was obtained beforehand, or disclosure of the information is required in the public interest, or under any law.

The Act was introduced in response to the perceived threat posed by the unregulated processing of personal information. It aims to regulate the processing of personal information, and to give effect to the constitutional right to privacy by introducing measures to ensure that organisations use (“process” is the word used in the Act) personal information in a fair, reasonable, responsible and secure manner. The introduction of a data protection law in South Africa is in line with other jurisdictions such as the UK, where legislation that regulates the processing of personal information has been in place for several years.

All FSPs are bound by this piece of legislation which applies to personal information of clients, prospects, employees, product suppliers or any other party.

Please click here to read Alan’s article to understand the full impact on you and your business.

Comments are closed.