Category Archives: Personal Data


Your personal data


Cape Town – Protecting your personal data remains a matter of individual responsibility despite the Protection of Personal Information Act (Popi), because the act only has force with companies operating in South Africa.

Popi was promulgated in 2013 after several delays and is meant to regulate how companies can collect, retain and disseminate personal information.

However, the global internet environment renders geographic borders null and void as many South Africans willingly hand their personal data over to international companies not bound by South African law.

“If you are a company operating in South Africa – either locally owned or internationally owned – you’d have to abide by the local laws which are associated with local data,” Andrew Kirkland, regional director for Trustwave Africa, told News24.

Trustwave is a security company that specialises in helping organisations fight cybercrime by, among other things, conducting ethical intrusions and monitoring to ensure data fidelity.

Specific consent

The law specifies that specific consent must be obtained if companies would like to collect and process personal data.

“Personal information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive,” says the act.

The lines become blurred when one introduces popular social networking platforms like Facebook, which operate under US law, but have a worldwide audience.

Data uploaded to the giant company’s servers are not subject to Popi, and though Facebook promises privacy, it is not an absolute.

The company warns that some data uploaded may become public domain, meaning that it can be disseminated without specific user consent.

“Because Pages are public, information you share with a Page is public information. This means, for example, that if you post a comment on a Page, that comment may be used by the Page owner off Facebook, and anyone can see it,” Facebook says in its terms and conditions.

Facebook also says that liking a company page on the network is public information, and that liking a corporate page may mean that content the company creates on its Facebook page gives it access to personal information.

Regulator

“Because this content comes directly from the Page owner, that Page may be able to collect information about you, just like any website,” said Facebook.

Also, personal data of South Africans on Facebook may be given to US authorities. The social network revealed on Monday that between 9 000 and 12 000 demands for information were made in the year ended June 2013.

Microsoft and Yahoo also had to hand over personal data relating to 15 000 and 30 000 accounts respectively.

However, the act specifies that personal data may not be transferred to international parties unless specific permission has been obtained.

“A responsible party in the Republic may not transfer personal information about a data subject to a third party who is in a foreign country…” the law says, adding that it is subject to a range of provisions and consent by the affected party.

These matters indicate that the appointment of a regulator is critical to ensure that the prescriptions of the act, as well as remedies, can be applied to companies that may flout the law.

“We are waiting for the regulator to be appointed to get a better understanding of this [company accountability]. Non-compliance will at some point be penalised but to what extent can only be speculated at this point,” said Kirkland.



No government ‘exceptions’ on personal data


Cape Town – The Protection of Personal Information Act (Popi) should apply to all organisations, irrespective of whether they are government agencies, a security firm has asserted.

Popi was promulgated in 2013 in response to the rampant practice of companies collecting and trading personal information, and the act is intended to limit this behaviour.

The act specifies that personal information must be processed lawfully and “in a reasonable manner that does not infringe on the privacy of the data subject”.

This means that in theory, one government department, home affairs for example, should not – under the law – be allowed to share information with agencies like the Metro Police or Sars.

“The law applies to all parties accessing private information as far as we understand. We are not aware of special circumstances being extended to government or their associations,” Andrew Kirkland, regional director for Trustwave Africa, told News24.

Exemptions

Trustwave is a security company that specialises in helping organisations fight cybercrime by, among other things, conducting ethical intrusions and monitoring to ensure data fidelity.

Popi places the burden of showing that personal data has been carefully managed on the company or organisation that collects it.

However, while the act does not specifically exempt government departments, it makes an exception as regards the sharing of personal information where it relates to criminal activity.

Specifically, the act describes that the law does not apply to activity “which involves national security, including activities that are aimed at assisting in the identification of the financing of terrorist and related activities”.

In practice, it is expected that the appointment of a regulator as envisioned in the act will adjudicate on matters where people feel that their personal data has been misused.

The act also specifies that organisations that flout the law will be subject to financial penalties, but it is up to the regulator to make a determination on the extent of these.

However, the regulator has not yet been appointed, potentially leaving citizens in legal limbo as far as their personal information protection is concerned.

Trustwave said that given the importance of personal information and the legal implications for companies that store individuals’ data, the appointment of a regulator and discussions on the implementation of Popi were key.

Barrier

“If the data relates to private individuals based in SA then the law would apply no matter where the data sits. We are not yet sure what this will look like and are eager to discuss these and others with the regulator once appointed,” said Kirkland.

It is expected that once the act is fully implemented South Africans will enjoy a level of protection of personal information, but access may still constitute a barrier to legal remedies even though the regulator is empowered to act independently.

Kirkland said that despite all the legal protections, it is important that all citizens protect their personal data.

“We all have a responsibility to protect private information.”

