When striving to comply with the acts and regulations in place in a country you first need to properly understand the intention and the purpose of those Acts. The list of Acts is extensive and they are constantly being revised and updated, so staying up to date is essential.
This article serves to explain the difference between the Protection of Personal Information (POPI) Act and the Promotion of Access to Information Act (PAIA) that are in place to protect information and the access to it in South Africa.
The Protection of Personal Information Act (POPI)
The Objectives of POPI
The POPI Act is in place to protect the flow of information. Any information that can be considered private must be safeguarded against falling into the wrong hands. This includes any information that can be considered personal details.
Compliance with POPI
In order to comply with POPI all parties are prohibited from selling, damaging, losing or giving away information that will cause inconvenience to an individual in any way. This applies to anyone in the possession of personal information not belonging to them. The information that is considered personal and private includes, but is not limited to:
- Phone number
- Physical address
- Email address
- ID or passport number
- Criminal record
- Date of birth/age
Sharing this information with third parties is strictly prohibited by the POPI Act and can land you or anyone who does in serious hot water. The easiest way to ensure you are compliant is to set up a POPI compliance checklist and make sure all your documentation and procedures are compliant. For this to be successful you need comprehensive records and documentation of your business operations. Should you need assistance with understanding the POPI compliance manual, enlist the help of business legislation professionals.
The Consequences of Not Complying with POPI
A fine for negligence or non-compliance is given by regulators. You could also be liable to pay for damages and compensate for the breach with interest. A court will determine the scale of the fine to be paid.
If you are convicted of an offence stipulated by POPI you are liable for up to ten years in prison or fines of up to R10 million.
Promotion of Access to Information Act (PAIA)
The Objectives of PAIA
The PAIA is in place to promote the free flow of information. This means that any information that is considered public record should be available and accessible by the general public. It aims to promote transparency and accountability among all public and private bodies.
Compliance with PAIA
To comply with the PAIA a manual needs to be drafted, unless your business has an annual turnover of less than R45 million or you employ less than 50 people. Businesses to which these exemption conditions do not apply must draft a PAIA also known as Section 51 Manual with the South African Human Rights Commission (SAHRC).
The manual must contain all contact details and sufficient details should a request be made to see the records of the business, including a description of its subjects and categories. The manual must take both the POPI and PAIA into consideration.
Enlist the help of professionals and contact us to make sure your business legislative compliances are in order.