POPI Update 2013


The Protection of Personal Information Act: Update & Perspectives @ November 2013

Published in: Business, Technology

Transcript of "POPI Update 2013"

  1. THE PROTECTION OF PERSONAL INFORMATION ACT
      Update & Perspectives @ November 2013
  2. The Protection of Personal Information Act
      The Purpose of the Bill is to: regulate, in harmony with international standards, the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy, subject to justifiable limitations that are aimed at protecting other rights and important interests.
  3. The Protection of Personal Information Act
      The President has signed. But the Act is not yet law until 6 months from now, while the regulators set themselves up, and then there is a 1 year compliance holiday, which may be extended by another two years, maybe.
  4. The Protection of Personal Information Bill
      So there are only 18 months to go and the Bill is potentially catastrophic for the contact centre industry, so…
  5. If you* are convicted of an infringement the regulator can fine you up to R10.5 million, imprison you or both!
      * Are YOU the ‘Responsible Person’?
  6. POPI Is Based on the Eight European Union Principles (In the Bill, these are called ‘The Conditions’)
      1. The POPI Bill is a “Principles” based piece of legislation, and not “Rules based”
  7. POPI Is Based on the Eight European Union Principles (In the Bill, these are called ‘The Conditions’)
      2. The Bill is all about “Processing” and not about “Communicating”
  8. POPI Is Based on the Eight European Union Principles (In the Act, these are called ‘The Conditions’)
      1) ACCOUNTABILITY – YOU are a responsible party
      Get your Client/Affinity Partner/Data Supplier to sign an indemnity!!!
  9. POPI Is Based on the Eight European Union Principles (In the Bill, these are called ‘The Conditions’)
      2) PROCESSING LIMITATION – You can’t process personal information unless:
      • You have consent from the data subject OR
      • The processing is necessary for pursuing the legitimate interests of the responsible party.
  10. POPI Is Based on the Eight European Union Principles (In the Bill, these are called ‘The Conditions’)
      3) PURPOSE SPECIFICATION – You must tell everyone that you are processing their data
      • This condition will sink all the big prospect databases. How are they going to tell the 40 million people they have on their databases?
      • So … hardly any leads will be available any more
  11. The 8 EU Principles
      4) FURTHER PROCESSING LIMITATION - only process someone’s data for a specific purpose
      • You can’t use the data for another totally different campaign/product without getting consent from the data subjects, so you need to ask for a wider permission, such as marketing your full range of products
  12. The 8 EU Principles
      5) QUALITY of INFORMATION - it must be kept accurate
  13. The 8 EU Principles
      6) OPENNESS - you must notify the data subject when collecting their information
      You need to tell them what the purpose is, who you are collecting for, the original source, their right to object, etc, etc, etc
  14. The 8 EU Principles
      7) SECURITY SAFEGUARDS - keep the data safe or else!
  15. The 8 EU Principles
      8) DATA SUBJECT PARTICIPATION - a data subject, that means anyone, has the right of:
      • Access to their information, and they can tell you to
      • update it,
      • delete it
      • provide credible evidence as to where you got it
      • etc, etc, etc
  16. POPI Section 69 – Electronic Communication
      Processing personal information for the purpose of sending faxes, emails, SMS’s and calls via ‘automatic calling machines’ is prohibited unless the data subject:
      – Has given consent to the processing (you only have ONE chance to ask for consent)
      – If the person is a customer and you acquired their data in the process of a sale
      – Any communication must contain the identity of the sender and an address so that people can ask to opt-out
  17. POPI Section 69 – Electronic Communication
      ‘Automatic calling machine’ is defined in the Act as a machine that is able to do automated calls without human intervention. A judge could easily rule that a dialler (predictive, or otherwise) is also an ‘Automatic Dialling Machine’. It is hoped that the regulations will clarify this.
  18. POPI – The Opt-In / Opt-Out Scenario
      You can process and communicate with consumers via telephone, postal mailing and direct face-to-face sales:
      – Provided you have complied with all the principles
      – And provided that you allow the data subject every opportunity to opt-out from future communications
  19. POPI – The Opt-In / Opt-Out Scenario
      You can process and communicate with consumers via telephone, postal mailing and direct face-to-face sales:
      – Provided you have complied with all the principles
      – And provided that you allow the data subject every opportunity to opt-out from future communications
      You can process and communicate with consumers via email, SMS, fax and automatic calling machines:
      – Provided you have complied with all the principles
      – And provided that the data subject has opted-in to receive the communication, or is a customer
  20. Your POPI ‘To-Do’ List
      • Formulate, draft or revise your protection of Personal Information Policies, Procedures, and Practices
      • Investigate and Secure Appropriate Insurance Cover
      • Define your Information Security Policies
      • Carry out a Risk Analysis
      • Assess the Impact on the organization's Marketing and Sales Practices
      • Formulate, draft or revise your Incident Response Policy and procedures.
      • Review and adapt all documentation, and written and verbal (and electronic) responses. Ensure legal compliance.
      • Draft and refine your Access to Information Manual
      • Formulate and draft your Monitoring Policy and Procedures
      Source: Michalsons
  21. Tactics & Tips
      • Take the trouble to read the bill, then talk to a specialist to get a good understanding of how it specifically affects your business.
      • The law requires that your company MUST appoint an INFORMATION OFFICER, and you need to inform the Regulator of the appointment
      • Carry out a comprehensive audit of all the personal information of customers and prospects that you hold in your company, including what outsourcers might hold on your behalf.
      • If you are an outsourcer or take on work on behalf of affinity partners, ensure that you get an INDEMNITY AGREEMENT in place as soon as possible.
      • Craft a detailed business plan / project to become fully compliant as soon as possible. The clock is ticking!
      • Start a vigorous process to get consent from your customers to contact them regarding your full range of products.
      • The same goes for your list of hottest prospects. Start now!
      • We suggest you diversify away from unsolicited marketing and focus on customer service, debt collection and stimulating inbound sales.
      • You potentially only have about 18 months left!
  22. Useful Contacts
      www.databasesolutions.co.za
      www.michalsons.co.za
      www.dmasa.org