The wrong approach to POPI
First it is important to understand what the protection of personal information act 4 of 2013 (POPIA) is trying to achieve, which is to protect the constitutional right to privacy by safeguarding the personal information of people and companies. However this right also needs to balance against other rights like the right to access personal information that is needed in the course or normal business functions, meaning that your personal information is needed to receive products, services, be employed, go for interviews, supply products or services and almost any activity you undertake with another company.
The POPI act is a principles-based act, which requires that it is applied appropriately to many different situations. The spirit and intention of the act should always be considered in the application of how it is implemented in organisations which should be to take care of any personal information that has been entrusted to them.
POPIA is about PROTECTION of your PERSONAL INFORMATION, not protection of the organization serving you.
Companies who implement a ‘allow us to do whatever we want with the information or don’t do business with us approach’ should be held to account and reproached for this type of attitude towards protecting personal information. It reminds us of an arrogant schoolyard bully and should not be tolerated.
Companies should indicate that they will take extra care to protect your personal information, and they should let you know who they might have to share the information with in order to perform their normal business functions. They should let you know (the purpose) of why they need the information. You should also see statements of what information is mandatory to provide the product or service you need, and which information is optional (used to provide you with a better customer experience or to enable them to tailor products and services to your needs).
The protection of personal information should be a part of a culture of ‘the way we do things around here’, ‘because we care’, ‘we are ethical’ and ‘we lead by example’.
When Personal information lands up in the wrong hands, it can lead to identity theft, fraud and other sometimes dangerous outcomes. Unscrupulous companies may be tempted to skirt your rights with prescriptive and prohibitive wording. It is important to look at the privacy statements of companies, which should be easily available on their website, and decide if this is a company they want to do business with.
If you need any help with training or implementing POPIA in your organisation, please contact us.