Tag archives: POPI

POPIA: 100 days to go

By Priyanka Naidoo on March 26, 2021 Posted in General

24 March 2020 marked 100 days to the deadline to ensure compliance with the Protection of Personal Information Act, 2013 (POPIA). The Information Regulator (IR) has prioritised certain processes that may be applicable to your organisation (which can be completed before 1 July 2021): Registration of information offices – registration commences on 1 May 2021. … Continue reading

Registration of your POPIA Information Officer (1 May 2021)

By Priyanka Naidoo on March 25, 2021 Posted in General

On 18 March 2021, the Information Regulator announced on Twitter that: the registration of information officers will commence on 1 May 2021; the Draft Guidelines will be finalised once all public comments are taken into consideration; and registration will be an on-going process to enable new entities to register and for existing one to update … Continue reading

POPI compliance – have you considered your existing data protection measures?

By Desiree Reddy (ZA) and Claire Friedman on July 3, 2020 Posted in General

The majority of the Protection of Personal Information Act 2013 (POPI) effectively commenced on 1 July 2020. The sections that commenced deal with how personal information (which is any information that can identify and infringe the privacy rights of a natural or juristic person) may be processed in South Africa or transferred across borders. As POPI … Continue reading

South African Data Privacy laws finally come into force

By Rosalind Lake (ZA) and Priyanka Naidoo on June 22, 2020 Posted in General

On 22 June 2020, the effective commencement of the Protection of Personal Information Act 2013 (POPI) was gazetted as 1 July 2020. Anyone processing personal information in South Africa will have a 12 month grace period to ensure that they comply with the requirements of POPI. After 1 July 2021, any non-compliance with POPI will … Continue reading

What does data privacy mean for due diligence investigations?

By Rosalind Lake (ZA) and Priyanka Naidoo on June 17, 2020 Posted in General

Given many entities’ proactive compliance with the provisions of the Protection of Personal Information Act despite it not being enforceable, companies should be considering the impact of POPI (or data privacy laws with wide reach) when they carry out due diligence investigations. Depending on the nature of the transaction, the due diligence process can involve … Continue reading

Cyber risk during COVID-19 outbreak

By Priyanka Naidoo and Rosalind Lake (ZA) on March 17, 2020 Posted in General

A common response by businesses to the spread of COVID-19 has been to implement measures that require social distancing and remote working. To ensure business continuity, some of these measures rely on the availability of technology like VPN access, as well as the use of online platforms to hold team meetings, client calls, vendor engagement, … Continue reading

POPI – possible date of full commencement 1 April 2020

By Priyanka Naidoo on January 30, 2020 Posted in General

In a January 2020 interview, the Chairperson of the Information Regulator, Pansy Tlaluka, indicated that her office has requested President Ramaphosa to sign the remaining provisions of POPI into full force by 1 April 2020. These provisions will establish the minimum requirements for lawful processing of personal information with which all private and public persons … Continue reading

Information Regulator: CR17 campaign leaks

By Priyanka Naidoo on October 3, 2019 Posted in General

Privacy and data protection concerns have been triggered by Public Protector Busisiwe Mkhwebane’s reliance on President Cyril Ramaphosa’s private emails and bank statements of various entities used by his CR17 presidential campaign team. These records were used by Mkhwebane to support her report, which found that Ramaphosa had misled Parliament by failing to declare the … Continue reading

POPI progress

By Patrick Bracher (ZA) on July 23, 2019 Posted in General

At the end of June 2019 the Information Regulator announced that the process of putting the Protection of Personal Information Act into effect is “going very slowly” and that: A CEO started on 1 June 2019; A CFO started on 1 July 2019; Other executives are being appointed; They are now at a point where they are … Continue reading

Protection of Personal Information Act – Regulations published

By Patrick Bracher (ZA) on December 17, 2018 Posted in General

The Regulations to the Protection of Personal Information Act have been published by the Information Regulator. They will commence on a date to be determined. The regulations are fairly short, but contain a raft of forms relating to the processing of information, for example: a form for objecting to the processing of personal information; requests … Continue reading

UK loss adjusters guilty of breach of data protection

By Patrick Bracher (ZA) on March 29, 2018 Posted in General

A jury in England has found four individuals and the firm providing loss adjusting and claims management services guilty on charges of unlawfully disclosing personal data that was illegally obtained regarding the financial information of a number of individuals including details of their banking transactions. The firm used private investigators who obtained and disclosed the … Continue reading

Information Regulator makes first statement about unlawful processing

By Kerri Gevers (SG) on February 18, 2018 Posted in General

Although the Information Regulator is not yet fully operational, it has already received numerous complaints relating to the unlawful processing of personal information under the Protection of Personal Information Act 2013 (POPI). POPI itself is not yet fully in force. We are currently awaiting publication of a revised draft of the regulations following the closure … Continue reading

POPI regulations published for comment

By Kerri Gevers (SG) on September 11, 2017 Posted in General

The Information Regulator published draft regulations under the Protection of Personal Information Act 2013 (POPI) for public comment by 7 November 2017. The regulations cover various procedural items, including: the manner of objecting to the processing of personal information; requests for correction or deletion of personal information; the application form for industry codes of conduct; … Continue reading

Petya or NotPetya – under POPI you must report

By Kerri Gevers (SG) and Rakhee Bhikha on July 3, 2017 Posted in General

Barely recovering from the WannaCry ransomware attack, many across the globe now have to deal with the latest ransomware attack, NotPetya. Originally thought of to be the Petya ransomware for making money, security analysts quickly realised that the current cyber-attack was not designed to make money. It appears that NotPetya has actually just been designed … Continue reading

Information Regulator – more than a POPI regulator

By Tatum Govender (ZA) and Rakhee Bhikha on February 27, 2017 Posted in General

In her latest briefing session on 13 February 2017, advocate Pansy Tlakula, Chairperson of the Information Regulator, elaborated on the work that the office of the Information Regulator will be focused on and the progress they have made thus far, namely: Commencement date The Department of Justice informed the members of the Information Regulator that … Continue reading

Information Regulator held its inaugural meeting on 1 December 2016

By Nerushka Bowan on December 6, 2016 Posted in General

According to a media statement issued by the Chairperson of the Information Regulator, Advocate Pansy Tlakula, the Information Regulator’s office held its inaugural meeting on 1 December 2016 at Salu Building in Pretoria. During the meeting the following responsibilities were allocated to the full-time members: Adv Collen Weapond has been designated as the full-time member responsible … Continue reading

POPI Regulator to commence duties on 1 December 2016

By Nerushka Bowan on October 27, 2016 Posted in General

The functions of the Information Regulator include: to provide education about the Protection of Personal Information Act, for example, giving advice to data subjects in the exercise of their rights; to monitor and enforce compliance with POPI; to consult with interested parties; to handle complaints; to conduct research and to report to Parliament; to issue … Continue reading

Members of Information Regulator for POPI voted by Parliament

By Nerushka Bowan on September 8, 2016 Posted in General

On Wednesday, 7 September 2016, the National Assembly approved the nomination of advocate Pansy Tlakula as the Chairperson of the Information Regulator for the Protection of Personal Information Act 2013 (POPI). Four other appointments that were approved – full-time members Advocate Lebogang Stroom and Johannes Weapond; and part-time members Professor Tana Pistorius and Sizwe Snail. … Continue reading

Medical technology initiatives announced in Health Minister’s budget speech

By Nerushka Bowan and Rakhee Bhikha on June 6, 2016 Posted in General

The use of technology in the health sector is on the rise. The intersection of these two industries leads to interesting legal questions relating to digital risk, including big data analytics, data security and privacy. In his budget speech on 10 May 2016, Minister Aaron Motsoaledi discussed the following interesting medical technology initiatives being undertaken … Continue reading

Information Regulator appointment postponed

By Kerri Gevers (SG) and Maremo Matlou on May 30, 2016 Posted in General

The vote by the National Assembly on whether to adopt the justice committee’s recommendations on the appointment of the Information Regulator under the Protection of Personal Information Act 2013 (POPI) was postponed on 26 May 2016, due to the lack of present members of parliament to secure a majority vote. 201 votes are required to … Continue reading

Prepare for POPI – regulator shortlist

By Nerushka Bowan on April 18, 2016 Posted in General

On Wednesday, 13 April 2016, ten shortlisted candidates were named by the Portfolio Committee on Justice and Correctional Services for five positions within the Information Regulator established in terms of the Protection of Personal Information Act 2013 (POPI). The shortlisted candidates are: Advocate Pansy Tlakula Mr Johannes Weapond Mr David Taylor Adv Lebogang Stroom Mr … Continue reading

Aggravated Damages and the Protection of Personal Information Act

By Donald Dinnie on March 2, 2016 Posted in Insurance

The Protection of Personal Information Act (which is best described as the Data Privacy Act and not a flower) permits a data subject to institute a civil action for damages where there has been a breach of the Act. A court may award an amount that is just and equitable including payment of damages as … Continue reading

Can you be traced through your internet activity?

By Kerri Gevers (SG) on October 26, 2015 Posted in General

Each device which accesses the internet is allocated a unique number (Internet Protocol or IP address) by its internet service provider (ISP). A record is created each time this IP address accesses a webpage, including the date, time and URL (website address) accessed. These records are stored by the ISP. ISPs are prohibited from providing … Continue reading

South African perspective on ECJ ruling that Safe Harbo(u)r is invalid

By Nerushka Bowan on October 13, 2015 Posted in General

South Africa’s Protection of Personal Information Act 2013 (POPI) is largely based on the principles of the EU data protection directive. This includes the requirement that personal information must be adequately protected when transferred cross-border (assuming none of the other grounds apply). As the US does not have privacy laws equivalent to the EU it … Continue reading