Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Popi becomes law briefing slides


Published on

I am presenting at the POPI Becomes Law briefing and will talk about the social Web and social marketing aspects of the anticipated Protection of Personal Information Act.

Published in: Business
  • Be the first to comment

Popi becomes law briefing slides

  1. 1. POPI Becomes Law Communications, social marketing and collaborative enterprisesMonday 05 November 12
  2. 2. @pauljacobson* * Tweet about this talk!Monday 05 November 12
  3. 3. Unsolicited Electronic CommunicationsMonday 05 November 12
  4. 4. What is “direct marketing”?Monday 05 November 12
  5. 5. “direct marketing” means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of – • promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or • requesting the data subject to make a donation of any kind for any reason;Monday 05 November 12
  6. 6. And “electronic communication”?Monday 05 November 12
  7. 7. “electronic communication” means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipients terminal equipment until it is collected by the recipient.Monday 05 November 12
  8. 8. “An agreement concluded between parties by means of data messages is concluded at the time when and place where the acceptance of the offer was received by the offeror.” Section 22(2) of the Electronic Communications and Transactions ActMonday 05 November 12
  9. 9. Consent modelsMonday 05 November 12
  10. 10. One-off approach to request consentMonday 05 November 12
  11. 11. “consent” means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information"Monday 05 November 12
  12. 12. “processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including— (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form; or (c) merging, linking, as well as restriction, degradation, erasure or destruction of information;Monday 05 November 12
  13. 13. Explicit opt-ins vs implicit opt-insMonday 05 November 12
  14. 14. The data subject has given “his, her or its consent to the processing”Monday 05 November 12
  15. 15. Implicit opt-in is a little more complicatedMonday 05 November 12
  16. 16. 1. Sale of a product or serviceMonday 05 November 12
  17. 17. 2. Related products and servicesMonday 05 November 12
  18. 18. Being responsibleMonday 05 November 12
  19. 19. Monday 05 November 12
  20. 20. Obtain consent Be transparentMonday 05 November 12
  21. 21. Opportunities to opt-out – 1. When the personal information is first collected; and 2. With each subsequent communication.Monday 05 November 12
  22. 22. Collaborative EnterprisesMonday 05 November 12
  23. 23. Social media has transformed consumer relationsMonday 05 November 12
  24. 24. Social media is changing businessesMonday 05 November 12
  25. 25. Business – now more socialMonday 05 November 12
  26. 26. ‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to— (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;Monday 05 November 12
  27. 27. More developed collaborative enterprises require more develop privacy frameworksMonday 05 November 12
  28. 28. Data collection and integrationMonday 05 November 12
  29. 29. Privacy is contextualMonday 05 November 12
  30. 30. (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;Monday 05 November 12
  31. 31. Aggregate with cautionMonday 05 November 12
  32. 32. “voluntary, specific and informed expression of will”Monday 05 November 12
  33. 33. Purpose specificationMonday 05 November 12
  34. 34. What is “purpose specification”?Monday 05 November 12
  35. 35. Collection for specific purpose 13. (1) Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party. (2) Steps must be taken in accordance with section 18(1) to ensure that the data subject is aware of the purpose of the collection of the information unless the provisions of section 18(4) are applicable.Monday 05 November 12
  36. 36. Retention and restriction of records 14. (1) Subject to subsections (2) and (3), records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless – (a) retention of the record is required or authorised by law; (b) the responsible party reasonably requires the record for lawful purposes related to its functions or activities; (c) retention of the record is required by a contract between the parties thereto; or (d) the data subject or a competent person where the data subject is a child has consented to the retention of the record.Monday 05 November 12
  37. 37. Thank you! Visit for related materialsMonday 05 November 12
  38. 38. Paul Jacobson @webtechlaw webtechlaw.comMonday 05 November 12
  39. 39. About the photos ... © Paul Jacobson and licensed CC BY-NC-SA 3.0Monday 05 November 12