Access denied. When may you refuse someone access to their PI?

  • photo of locks

Did you know that people may ask you to delete the personal information you have about them?
The Protection of Personal Information Act (POPI) gives the data subject (a person or company) the right to request access to their personal information (PI) in the possession of a responsible party.
The data subject may also ask that you correct their information, or delete some of their records, or all their records.

What is a Responsible Party? The person(s) or organisation(s) who decide how personal information is processed and what it is used for.

When is it okay to say no?

  • Don’t disclose PI if it would involve the unreasonable disclosure of PI about a third party;
  • Don’t disclose trade secrets, financial, commercial, scientific, or technical information or confidential information of a third party if it will lead to commercial harm;
  • Don’t disclose if supplying the information will be in breach of a duty of confidence with a third party;
  • Don’t disclose if doing so would endanger the life or safety of an individual or would impair the security of a business, transport or other property;
  • Don’t disclose privileged documents;
  • You don’t have to disclose your own trade secrets, financial, commercial, scientific, or technical information, or information that would prejudice your business in contractual or other negotiations or would prejudice in in commercial competition.
  • Don’t disclose if the record contains information about research being carried out by or on behalf of the third party and the disclosure would expose the third party of the person who is carrying out the research to serious disadvantage of if disclosure could jeopardise the research itself.

What about a request to correct, reduce or delete personal information?

If the data subject asks you to correct their personal information, or to delete all or some of their information, you may refuse to do it if, for example, you must keep billing records for tax purposes or another valid business or legal reason. If it is possible to delete copies of records and only keep one copy for your legitimate business or legal purpose, you should do it.

Need more info on POPI?

We have loads of useful POPI related resources to suit all kinds of businesses. From start-ups to listed companies – we’ve got you covered. Drop us a mail and we’ll call you!

2018-03-15T10:25:03+00:00By |POPIA|

About the Author:

Ilze Luttig Hattingh
Ilze is what can only be described as a common sense attorney (the Force is strong with her). She specialises in regulatory compliance, risk management and commercial contract law. She joined us in the beginning of 2016 when she got a bit tired of being an in-house legal advisor. Now she is an out-house legal advisor (she gets stuff sorted out). She finds simple, innovative and business-oriented solutions to compliance management problems. Ilze doesn’t write books, she reads them. Ilze likes the wind in her face when she is riding her bike or travelling the world. She’d love to learn how to make bread, Limoncello and a beautiful Bordeaux blend, and how to paint with oils. She also caught Elizabeth’s Lego bug (come to our offices and you will see). She dislikes people who use jargon like ‘big rocks’, ‘on-boarding’ and ‘this speaks to’. Paul often ‘puts things to her’ just for the reaction. She HATES tomatoes. Want to find out more about Ilze? Take a look at her LinkedIn profile, better yet contact her on or (021) 481 1827.