The Protection of Personal Information Act (POPIA) is set to kick in in the first half of 2018, according to the Information Regulator. Businesses have been scrambling to get their information governance practices in line with POPIA’s requirements. But what difference will it make to the lives of consumers?
According to the preamble of POPIA, it intends to:
- promote the protection of personal information processed by public and private bodies.
- provide for codes of conduct.
- introduce certain conditions that will establish minimum requirements for the processing of personal information.
- provide for the rights of persons regarding unsolicited electronic communications and automated decision making, amongst others.
Your personal information is valuable and needs to be managed carefully. Know your rights, and protect your privacy.
Let’s look at some of the new consumer rights created by POPIA:
- The right to know what information is collected.
If a company asks you for your information, for example when you complete an application form for a store account, they must tell you what information about you they are collecting. If they are getting information from other sources, for instance if they do a credit check with a credit bureau, they must tell you from where they get the information. They must also indicate what information is voluntary and what is mandatory, and explain the consequences if you don’t provide the information.
- The right to know who your information will be shared with.
Companies that have your information must notify you about what they do with it. For instance, they must indicate who they share it with and if they will be sending it overseas.
- The right to access to your information.
You have the right to request access to the personal information in the possession of a company. You may ask them to confirm whether they have your information, a description of what information they have and the identity of any third parties who have had access to that information.
- The right to request correction or deletion of information.
You may ask a company to correct or delete inaccurate, irrelevant, excessive, out of date or incomplete information. In some circumstances, the company can refuse such a request, but these are limited and must be explained.
- The right to refuse direct marketing.
A company must ask you for your consent before they can send you direct marketing communications if you are a potential or ‘new’ customer. They must ask you to confirm how you want to receive the communication, for example via email or SMS, and for which goods or services. They may only contact you once to get your consent. If you say no, they may not contact you again about that same topic. If you are an ‘existing customer’, for instance if you have previously bought goods or services from the company, they may market similar goods or services to you until you opt-out.
Keep informed about privacy
28 January is Data Privacy Day, created to raise awareness and promote privacy and data protection. To read more about how you can protect your data and your rights in terms of POPIA check out this blog series on data and privacy.