Unit 4B

Question 1

What does the Protection of Personal Information Act deal with?

Answer 1

➢ Deals with the theft and misuse of people’s personal information has led to the need to promulgate regulations to protect personal information and one’s right to privacy.

Question 2

Function of POPI Act

Answer 2

➢ It sets out the minimum standards regarding accessing and ‘processing’ of any personal information belonging to another person.

Question 3

What is considered “personal” information?

Answer 3

➢ Personal information is any information that may identify a person such as a name, surname, identity number, contact number, email address, religion, medical history, education, financial or any other information that is unique to an
individual.

Question 4

Exclusions to the POPIA

Answer 4

➢ Exclusions relate to the processing of personal information:
▪ In the context of a personal or household activity
▪ That has been de-identified and cannot be re-identified again
▪ On behalf of a public body which involves national security or is required to prevent and detect unlawful activities
▪ By the Cabinet, its committees or the executive
committee of a province
▪ Relating to the judicial function of a court as set out in section 166 of the Constitution.

Question 5

What does POPI not apply to?

Answer 5

❖ The Act does not apply to the processing of personal information solely for the purpose of:
➢ Journalistic
➢ Literary or
➢ Artistic expression… insofar as such a matter is of a public interest.

Question 6

Conditions for Processing Information
❖ Section 9

Answer 6

➢ Personal information must be processed lawfully and in a reasonable manner that doesn’t infringe upon privacy of the data subject.

Question 7

Conditions for Processing Information
❖ Section 10

Answer 7

➢ Personal information may only be processed if the purpose for which it is processed is adequate, relevant and not excessive.

Question 8

Conditions for Processing Information
❖ Section 11

Answer 8

➢ Personal information may only be processed in the context of consent and justification. A data subject may also object to the manner in which a responsible party processes information.

Question 9

What does this mean for Legal Practitioners

Answer 9

❖ Legal professions are to develop effective strategies to safeguard personal information:

❖ Consider HOW to safeguard your employee’s information

❖ Consider Statutory Requirements Regarding medical and

Question 10

List the effective strategies to be developed by Legal professions to safeguard personal information

Answer 10

➢ Compile and document a strategy.
➢ Protect against malware
➢ Making use of cloud services
➢ Communicate with employees
➢ Obtain the relevant consent
➢ Adhere to required storage periods
➢ Destroying records appropriately

Question 11

Case law on Legal Practitioners Consider HOW to safeguard your employee’s information

Answer 11

K.A.B v National Union for Metal workers of South Africa (NUMSA) and Others

Question 12

Case law on Legal Practitioners consider Statutory Requirements Regarding medical and Other Psychological Testing During Recruitment As Well

Answer 12

Hoffmann v South African Airways

Question 13

POPI Act as the Information Regulator

Answer 13

❖ POPI establishes an Information Regulator. In terms POPI, the Information Regulator is an independent that will be accountable to the National Assembly of Parliament.
❖ The Information Regulator can receive complaints from both requesters and third parties in terms of the Promotion of Access
to Information Act (PAIA).
❖ The Information Regulator will have powers to investigate complaints relating to non-compliance with POPI and PAIA.
❖ Overlap of certain functions insofar as POPI Act and PAIA are concerned.

Question 14

Non-Compliance With POPI Act

Answer 14

❖ Sections 100 – 106 of the POPI Act deal with instances where parties would find themselves guilty of an offence. The most relevant of these are:
➢ Any person who hinders, obstructs or unlawfully influences
the Information Regulator
➢ A responsible party which fails to comply with an enforcement notice
➢ Offences by witnesses, for example, lying under oath or failing to attend hearings
➢ Unlawful Acts by responsible party in connection with account numbers
➢ Unlawful Acts by third parties in connection with account number.

Question 15

Section 107

Answer 15

➢ Details which penalties apply to respective offenses.
➢ More Serious Offences
▪ The maximum penalties are R10 million fine or
imprisonment for a period not exceeding 10 years or to both a fine and such imprisonment.
➢ Less Serious Offences
▪ Hindering an official in the execution of a search and seizure warrant the maximum penalty would be a fine or
imprisonment not exceeding 12 months, or to both a fine and such imprisonment.

Question 16

General view on Promotion of
Access to Information Act

Answer 16

➢ The PAIA is a freedom of information law in South Africa. It gives effect to the constitutional right of access to any information held by the State and any information held by private bodies that is required for the exercise and protection
of any rights.

Question 17

❖ Section 32 – Access to Information

Answer 17

➢ (1) Everyone has the right of access to:
▪ (a) Any information held by the state; and
▪ (b) Any information that is held by another person and that is required for the exercise or protection of any rights.
➢ (2) National legislation must be enacted to give effect to this right and may provide for reasonable measures to alleviate the administrative and financial burden on the state

Question 18

PAIA – Objectives

Answer 18

❖ To promote transparency, accountability and effective governance of all public and private bodies.
❖ To assist members of the public to effectively scrutinize and participate in decision making by public bodies.
❖ The ensure that the State promotes a human rights culture and social justice.
❖ To encourage openness.
❖ To establish voluntary and mandatory mechanisms or procedures which give effect to the right of access to information in a speedy, inexpensive and effortless manner.

Question 19

What happens if there’s no compliance with PAIA?

Answer 19

❖ In terms of PAIA:
➢ All public and private bodies in South Africa need to compile
a manual that contains, amongst other things, the postal and
street address, phone number and e-mail address of the head of the entity;
➢ What records are available to an interested party without having to request access in terms of PAIA;
➢ A description of the records of the entity, which are available in accordance with any other legislation; and
➢ How to request records from the entity in terms of PAIA.
❖ An Information Officer of a body who refuses to comply with an
enforcement notice is guilty of an offence and liable upon conviction to a fine or to imprisonment for a period not exceeding
three years or to both such a fine and such imprisonment

Question 20

Section 36 of the Constitution

Answer 20

➢ (1) The rights in the Bill of Rights may be limited only in terms of law of general application to the extent that the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom, taking into account all relevant factors, including:
▪ (a) The nature of the right.
▪ (b) The importance of the purpose of the limitation.
▪ (c) The nature and extent of the limitation.
▪ (d) The relation between the limitation and its purpose;
and
▪ (e) Less restrictive means to achieve the purpose.
➢ (2) Except as provided in subsection (1) or in any other provision of the Constitution, no law my limit any right entrenched in the Bill of Rights.