The wrong approach to POPI

/, Privacy/The wrong approach to POPI

The wrong approach to POPI

What is the wrong approach to POPI? First it is important to understand what the protection of personal information act 4 of 2013 (POPIA) is trying to achieve, which is to protect the constitutional right to privacy by safeguarding the personal information of people and companies.  However this right also needs to balance against other rights like the right to access personal information that is needed in the course or normal business functions, meaning that your personal information is needed to receive products, services, be employed, go for interviews, supply products or services and almost any activity you undertake with another company.

The POPI act is a principles-based act, which requires that it is applied appropriately to many different situations. The spirit and intention of the act should always be considered in the application of how it is implemented in organisations which should be to take care of any personal information that has been entrusted to them.

POPIA is about PROTECTION of your PERSONAL INFORMATION, not protection of the organization serving you.

Companies who implement a ‘allow us to do whatever we want with the information or don’t do business with us approach’ should be held to account and reproached for this type of attitude towards protecting personal information. It reminds us of an arrogant schoolyard bully and should not be tolerated.

When I look at the privacy policy posted on South African websites and see this type of approach, it says a lot about the type of company they are and how they do business. These companies often also have grand statements somewhere on the website about how they care about their people, social development and helping communities and yet this does not reflect in the approach to protecting the rights and personal information of potential customers, staff or partners.

Companies should indicate that they will take extra care to protect your personal information, and they should let you know who they might have to share the information with in order to perform their normal business functions. They should let you know (the purpose) of why they need the information. You should also see statements of what information is mandatory  to provide the product or service you need, and which information is optional (used to provide you with a better customer experience or to enable them to tailor products and services to your needs).

The protection of personal information should be a part of a culture of ‘the way we do things around here’, ‘because we care’, ‘we are ethical’ and ‘we lead by example’.

When Personal information lands up in the wrong hands, it can lead to identity theft, fraud and other sometimes dangerous outcomes. Unscrupulous companies may be tempted to skirt your rights with prescriptive and prohibitive wording.  It is important to look at the privacy statements of companies, which should be easily available on their website, and decide if this is a company they want to do business with.

If you need any help with training or implementing POPIA in your organisation, please contact us.

By | 2017-11-29T14:53:41+00:00 July 2nd, 2017|