Example content

POPIA: Don’t allow yourself to be the prime example of the regulator’s bite – Data protection

To print this article, all you need to do is be registered or log in to Mondaq.com.

The president of the information regulator (“Regulator“), established under the Privacy Act 2013 (“POPIE“), issued a stark warning during a media breakfast on June 29, 2022.

Since July 2021, the regulator has received and concluded preliminary investigations into over 700 complaints from various affected individuals. Most of the complaints received relate to direct marketing, indicating that many responsible parties do not comply with the sections of POPIA relating to unsolicited electronic communications and consent, justification and objection.

The regulator mentioned that it received a notification from the national credit regulator regarding a report on entities engaged in the sale of consumers’ personal information (such as first and last names; identity numbers; telephone numbers ; credit scores ; and consumer debt review statuses).

The Regulator said:

“…we warn responsible parties who continue to share personal information that this is in violation of POPIA, and we will not tolerate it. We send an unequivocal message to those in the credit granting and marketing industries directly from our economy: this must stop.”

According to the regulator, the country is experiencing an alarming rate of security breaches with more than 330 data breach reports recorded since POPIA went into effect just over a year ago.

To address this issue, the regulator has decided to create a dedicated unit to conduct in-depth investigations and assessments of these security compromises and will issue reports with findings and recommendations. According to the Regulator, these reports will be considered as execution notices.

The regulator is also responsible for overseeing the regulatory functions of the Promoting Access to Information Act 2000 (“PAIA“), which governs the right of access to information.

After conducting targeted compliance assessments on 15 South African municipalities, the regulator found that none of these municipalities had valid PAIA manuals. PAIA manuals must be kept by all public and private bodies in South Africa and must indicate how the records of these bodies can be accessed.

The regulator has also investigated complaints alleging PAIA requests for access to records have been wrongly denied.

Given the regulator’s warning, now is the time to perform a POPIA and PAIA health check, including on your organization’s direct marketing practices, security measures and PAIA manuals, to avoid the teeth of the regulator.

We have helped many organizations navigate direct marketing activities in accordance with POPIA and it is indeed possible. We can also help you with your data brokerage initiatives, which, if properly structured, will be legal and efficient.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

POPULAR ARTICLES ON: Privacy from South Africa

Privacy and Data Protection Law in Nigeria

Alliance Law Firm

The transformational value of data in today’s world cannot be overstated. The right to privacy and data protection is an internationally guaranteed right that enjoys universal protection.

Source link