Protection of Personal Information Act (POPI)

Friday, 22 November 2019
Posted by: MBA KZN

POPI is designed to safeguard personal information. It balances the legitimate needs of organisations to collect, record and use personal information for business and other purposes against the right of individuals to have their personal information kept private and safeguarded. POPI applies to both private and public bodies.

Personal information is everywhere in an organisation. To protect the organisation from non-compliance and the associated penalties, all staff members must be aware of and adhere to the conditions for the lawful processing of personal information. No matter what job a person does, or what position they hold, they will come into contact with personal information.

Personal information is a very wide concept and basically includes everything about a natural person, as well as a company. It includes information about a person’s race, gender, marital status, age, physical or mental health, language, religion, education, medical, criminal, financial or employment history, contact details, personal opinions, views or preferences and confidential correspondence.

Processing is very widely defined and includes the collection, collation, storage, use, erasure, destruction, alteration or distribution of a record which shows personal information. Anything that is done with personal information, from the time it is received to the time it is destroyed, is processing.
A record is any form of recorded information, whether electronic, written, graphical or diagrammatic.

To ensure compliance with POPI:

  • Analyse standard client communication and forms
  • Analyse building security
  • Analyse the procurement database to ensure that third-party vendors meet the necessary requirements in respect of POPI
  • Encrypt laptops
  • Assess the use of memory sticks and deploy encrypted memory sticks
  • Implement “clean desk, clear screen” policy
  • Identify the source, purpose and grounds for processing of information as well as who accessed the information.

The above are guidelines and do not address all the requirements of POPI. Contact your advisor to ensure that your company complies with the Protection of Personal Information Act.

Aneesa Khan | Finance Manager