POPI Part 14 – What Businesses Should Do
Parts 1 to 13 in this series on the Protection Of Personal Information Act (POPI) can be read in back issues of the Tourism Tattler (see page 03 of the July magazine for PDF download links).
CHECK RELEVANT INDUSTRY CODE OF CONDUCT AND/OR DO OWN – the Protection Of Personal Information Act (POPI) requires you to comply with either, and will be publishing guidelines.
MANUAL in terms of PAIA (Promotion of Access to Information Act 02/2000) – It is a statutory requirement that ALL businesses have prepared and submitted such a manual – if you have done so, you may already have addressed many of the POPI requirements. If you have not done so, you are BREAKING the LAW! Do so as soon as possible and kill two birds with one stone!
INFORMATION AND SECURITY POLICY – RICA (Regulation of Interception of Communications and Provision of Communications Related Information Act 122/2003) requires, for example, that you can only intercept employee e-mails if you have their written consent – it must be included in an addendum to their employment contract – if you have not done so, make this a priority and include it as part of the policy required in terms of POPI – again two birds with one stone!
APPOINT INFORMATION OFFICER – the POPI requires you to appoint such a person – again there are many other statutes that require you to have a ‘compliance officer’ – again two birds with one stone!
You should INSTITUTE A PROCESS FOR AND AUDIT TRAIL OF:
REFUSAL/CONSENT RE COLLECTION OF Personal Information (‘PI’)
COMPLAINTS HANDLING: again the Consumer Protection Act (‘the CPA’) requires you to have this, so yet again two birds with one stone!
REQUESTS FOR AMENDMENT AND/OR DELETION OF PI: the POPI requires you to have such a system in place and to train your staff
THIRD PARTIES TO WHOM PI IS DISCLOSED – all contracts with such parties must be vetted for compliance.
AUDIT CURRENT SYSTEMS, DOCUMENTS AND PROCESSES FOR COMPLIANCE – this is also a CPA requirement, SO: again two birds with one stone!
OPERATORS – The POPI requires that they must comply with the POPI or their national legislation. So make a list of these parties, check contracts and compliance, especially cross-border (including applicable laws).
CHECK ALL CONTRACTS RE USE OF THE WORD ‘CONSENT’ – it appears 6 (six) times in the POPI and can therefore make your life much easier!
CHECK ALL TERMS AND CONDITIONS – This applies to HARD COPY (including a mere reference thereto) and WEBSITE.
REGULARLY CHECK/REVIEW ALL OF ABOVE = DO AN ANNUAL AUDIT (contact me if you need assistance with this).
ALIGN ABOVE WITH CORPORATE GOVERNANCE.
TRAIN CLIENTS AND THEIR STAFF.
SOCIAL MEDIA – if used, make 100% sure of POPI compliance and check the Terms and Conditions of each platform.
Disclaimer: This article is intended to provide a brief overview of legal matters pertaining to the travel and tourism industry and is not intended as legal advice. © Adv Louis Nel, ‘Louis The Lawyer’, July 2014.