What is POPIA?
The Protection of Personal Information Act, also known as POPIA, is South Africa’s new data protection law. It is designed to provide citizens of South Africa with rights over how companies and organisations acquire, process, manage, safeguard and dispose of their personal information.
Effectively the equivalent of the European Union’s General Data Protection Regulation (GDPR), POPIA came into full effect on 1 July 2021 and is now enforceable by law.
The Act outlines how companies manage personal information related to their employees, suppliers and customers and compels them to establish policies to ensure they manage personal information and take measures to safeguard the privacy of people’s information.
The Constitution is the supreme law in South Africa and Section 14 of the Constitution details an individual’s right to privacy. The Electronic Communications and Transactions Act (ECTA) also makes provision for how personal information is collected, but POPIA now provides a broad and clear definition of personal information and of how this information can be collected, recorded and organised. The Act also outlines how personal information can be shared and used, which is an important aspect, especially in relation to how personal information is harnessed for the purposes of marketing.
What is personal information?
In terms of POPIA, personal information is any kind of information relating to an identifiable, living natural person, company or similar legal entity. This includes but is not limited to names, addresses, telephone numbers, email addresses, information about age, race, gender, appearance, characteristics, sexual orientation, religious beliefs, language, health data, well-being and disabilities.
Some of the less obvious personal information related to data subjects includes online identifiers such as IP addresses, cookies, location data and internet browser history.
What is an IP address?
An IP address is a unique address that identifies a computer or device on the internet. “IP” stands for “Internet Protocol” and the actual address is a set of numbers (e.g. 192.0.2.1) that is linked to all online activity that a particular computer or device engages in.
What is a cookie?
Most browsers are initially set up to accept cookies; however, it is possible to reset browser settings or change them to refuse all cookies or indicate when a cookie is being sent. The Help feature on most web browsers can provide information on how to accept cookies, disable cookies or notify a user when receiving a new cookie.
What does “POPIA compliant” actually mean?
If a website, company or organisation is hosted or located in South Africa and processes personal information, it is automatically obligated to comply with POPIA. For most companies and organisations, first contact with a potential customer is through a visit to their website. This is a crucial touch point to cover in terms of POPIA, but by no means the only one.