https://newsletter.en.creamermedia.com

Organisations to be liable for protecting personal data if Info Bill becomes law

9th August 2013

By: Schalk Burger

Creamer Media Senior Deputy Editor

  

Font size: - +

The pending Protection of Personal Information (PoPI) Bill will regulate the access to and processing of personal data of individuals and juristic persons and will result in public and private institutions being responsible for protecting personal data, even from cybercrime attacks, says law firm Webber Wentzel partner Dario Milo.

Public and private organisations will have to ensure the integrity of personal data that they store and must take all reasonable and professional measures to prevent unlawful and unauthorised access to the data, even from their own employees, explains Webber Wentzel associate Greg Palmer.

“Organisations will have to identify internal and external risks and maintain appropriate safeguards, which must be regularly verified. Organi-sations must update processes and systems to mitigate new and foreseeable risks to the integrity of personal data security,” Palmer says.

All organisations will have to inform the data subject – the individual or the legal entity concerned – within a reasonable time when a data breach has occurred. The Bill allows for fines and imprisonment penalties for transgressors.

This will, for example, mean that a hacking breach exposing personal data, such as the hacking of the South African Police Service (SAPS) system, in May, in which thousands of whistle-blowers’ information was published, can make the holder of the personal data, in this case the SAPS, liable for the data breach and the organisation must also inform those affected.

“When we analyse UK personal data privacy and security laws, we find that the most common fines imposed are for data security breaches. The regulator then assesses the rigour of the data protection systems and processes of an organisation – which means that organisations must keep a careful record of their updates and changes to data pro- tection systems and processes to demonstrate that responsible and appropriate action was taken,” highlights Palmer.

Further, the Bill will regulate the extra- territorial exposure of personal data and prohibits the transfer of personal data to territories where the data is not adequately protected. Therefore, companies disseminating data from South Africa, or regarding South African legal persons, will have to ensure sufficient protection of the data in the other countries where they use or store the data, says Milo.

“The Bill also has extraterritorial jurisdiction, which entails that cases of personal data exposure in other countries regarding South African legal persons can be pursued in South Africa,” he explains.

The PoPI Bill regulates any and all information that can be used to identify a legal person, including curricula vitae of employees, closed- circuit television records, paper records and supplier information, among others. Any personal data that is hosted by a third party must also be protected.

Further, the Bill will also regulate direct marketing, which extends to potential and existing customers of companies. Organ-isations will have a one-year grace period to ensure personal data that they have stored is secure or they must expunge the data in any and all formats.

The PoPI Bill will also result in the establishment of an independent Information Regulator that will police and investigate personal data security and breaches, with the power to issue search and seizure orders and enforcement notices, as well as subpoena persons or companies during the course of its investigations, concludes Milo.

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor

Comments

 

Showroom

M and J Mining
M and J Mining

M and J Mining are leading suppliers of physical support systems as used by the underground mining industry. Our selection of products are not...

VISIT SHOWROOM 
The Southern African Institute of Mining and Metallurgy
The Southern African Institute of Mining and Metallurgy

The SAIMM started as a learned society in 1894 after the invention of the cyanide process that saved the South African gold mining industry of the...

VISIT SHOWROOM 

Latest Multimedia

sponsored by

Magazine round up | 13 December 2024
Magazine round up | 13 December 2024
13th December 2024

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION







sq:0.379 0.476s - 170pq - 2rq
Subscribe Now