Your right to privacy. How will it change under POPIA?

The Protection of Personal Information Act (POPIA) is set to kick in in the first half of 2018, according to the Information Regulator. Businesses have been scrambling to get their information governance practices in line with POPIA’s requirements. But what difference will it make to the lives of consumers?
According to the preamble of POPIA, it intends to:

  • promote the protection of personal information processed by public and private bodies.
  • provide for codes of conduct.
  • introduce certain conditions that will establish minimum requirements for the processing of personal information.
  • provide for the rights of persons regarding unsolicited electronic communications and automated decision making, amongst others.

Your personal information is valuable and needs to be managed carefully. Know your rights, and protect your privacy.
Let’s look at some of the new consumer rights created by POPIA:

  1. The right to know what information is collected.
    If a company asks you for your information, for example when you complete an application form for a store account, they must tell you what information about you they are collecting. If they are getting information from other sources, for instance if they do a credit check with a credit bureau, they must tell you from where they get the information. They must also indicate what information is voluntary and what is mandatory, and explain the consequences if you don’t provide the information.
  2. The right to know who your information will be shared with.
    Companies that have your information must notify you about what they do with it. For instance, they must indicate who they share it with and if they will be sending it overseas.
  3. The right to access to your information.
    You have the right to request access to the personal information in the possession of a company. You may ask them to confirm whether they have your information, a description of what information they have and the identity of any third parties who have had access to that information.
  4. The right to request correction or deletion of information.
    You may ask a company to correct or delete inaccurate, irrelevant, excessive, out of date or incomplete information. In some circumstances, the company can refuse such a request, but these are limited and must be explained.
  5. The right to refuse direct marketing.
    A company must ask you for your consent before they can send you direct marketing communications if you are a potential or ‘new’ customer. They must ask you to confirm how you want to receive the communication, for example via email or SMS, and for which goods or services. They may only contact you once to get your consent. If you say no, they may not contact you again about that same topic. If you are an ‘existing customer’, for instance if you have previously bought goods or services from the company, they may market similar goods or services to you until you opt-out.

Keep informed about privacy
28 January is Data Privacy Day, created to raise awareness and promote privacy and data protection. To read more about how you can protect your data and your rights in terms of POPIA check out this blog series on data and privacy.

About the Author:

Ilze Luttig Hattingh
Ilze is what can only be described as a common sense attorney (the Force is strong with her). She specialises in regulatory compliance, risk management and commercial contract law. She joined us in the beginning of 2016 when she got a bit tired of being an in-house legal advisor. Now she is an out-house legal advisor (she gets stuff sorted out). She finds simple, innovative and business-oriented solutions to compliance management problems. Ilze doesn’t write books, she reads them. Ilze likes the wind in her face when she is riding her bike or travelling the world. She’d love to learn how to make bread, Limoncello and a beautiful Bordeaux blend, and how to paint with oils. She also caught Elizabeth’s Lego bug (come to our offices and you will see). She dislikes people who use jargon like ‘big rocks’, ‘on-boarding’ and ‘this speaks to’. Paul often ‘puts things to her’ just for the reaction. She HATES tomatoes. Want to find out more about Ilze? Take a look at her LinkedIn profile, better yet contact her on or (021) 481 1827.