Access denied. When may you refuse someone access to their PI?

Did you know that people may ask you to delete the personal information you have about them?
The Protection of Personal Information Act (POPI) gives the data subject (a person or company) the right to request access to their personal information (PI) in the possession of a responsible party.
The data subject may also ask that you correct their information, or delete some of their records, or all their records.

What is a Responsible Party? The person(s) or organisation(s) who decide how personal information is processed and what it is used for.

When is it okay to say no?

• Don’t disclose PI if it would involve the unreasonable disclosure of PI about a third party;
• Don’t disclose trade secrets, financial, commercial, scientific, or technical information or confidential information of a third party if it will lead to commercial harm;
• Don’t disclose if supplying the information will be in breach of a duty of confidence with a third party;
• Don’t disclose if doing so would endanger the life or safety of an individual or would impair the security of a business, transport or other property;
• Don’t disclose privileged documents;
• You don’t have to disclose your own trade secrets, financial, commercial, scientific, or technical information, or information that would prejudice your business in contractual or other negotiations or would prejudice you in commercial competition.
• Don’t disclose if the record contains information about research being carried out by or on behalf of a third party, and the disclosure would expose the third party or the person who is carrying out the research to serious disadvantage, or if disclosure could jeopardise the research itself.

What about a request to correct, reduce or delete personal information?

If the data subject asks you to correct their personal information, or to delete all or some of their information, you may refuse to do it if, for example, you must keep billing records for tax purposes or another valid business or legal reason. If it is possible to delete copies of records and only keep one copy for your legitimate business or legal purpose, you should do it.

Need more info on POPI?

We have loads of useful POPI related resources to suit all kinds of businesses. From start-ups to listed companies – we’ve got you covered. Drop us a mail and we’ll call you!