What is the Protection of Personal Information(POPI) Act?
The Protection of Personal Information(PoPI) legislation basically considers your personal information and therefore aims to bestow upon you, as the owner of your personal information, certain rights of protection and the ability to exercise control. In the long run, it ensures that South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way.
Examples of personal information for an individual could include identity and/or passport number, date of birth and age, phone number/s (including mobile phone number), email address/es, online/Instant messaging identifiers, physical address, gender, race and ethnic origin, photos, voice recordings, video footage (also CCTV), biometric data, marital/relationship status and Family relations, criminal records, private correspondence, Religious or philosophical beliefs including personal and political opinions, employment history and salary information, financial information, education information, physical and mental health information including medical history, blood type, details on your sex life as well as membership to organisations/unions.
This Act therefore covers you in terms of when and how you choose to share your information,the type and extent of information you choose to share, transparency and accountability on how your data will be used, providing you with access to your information as well as the right to have your data removed or destroyed should you wish so, who has access to your information, how and where your information is stored as well as the integrity and continued accuracy of your information.
It is important to note though that this right to protection of “personal information” is not just applicable to a natural person (i.e. an individual) but any legal entity, including companies and also communities or other legally recognised organisations. All of these entities are considered to be “data subjects” and afforded the same right to protection of their information.