Tag archives: POPI

POPIA: 100 days to go

24 March 2020 marked 100 days to the deadline to ensure compliance with the Protection of Personal Information Act, 2013 (POPIA). The Information Regulator (IR) has prioritised certain processes that may be applicable to your organisation (which can be completed before 1 July 2021): Registration of information offices – registration commences on 1 May 2021. … Continue reading

Registration of your POPIA Information Officer (1 May 2021)

On 18 March 2021, the Information Regulator announced on Twitter that: the registration of information officers will commence on 1 May 2021; the Draft Guidelines will be finalised once all public comments are taken into consideration; and registration will be an on-going process to enable new entities to register and for existing one to update … Continue reading

POPI compliance – have you considered your existing data protection measures?

The majority of the Protection of Personal Information Act 2013 (POPI) effectively commenced on 1 July 2020. The sections that commenced deal with how personal information (which is any information that can identify and infringe the privacy rights of a natural or juristic person) may be processed in South Africa or transferred across borders. As POPI … Continue reading

South African Data Privacy laws finally come into force

On 22 June 2020, the effective commencement of the Protection of Personal Information Act 2013 (POPI) was gazetted as 1 July 2020. Anyone processing personal information in South Africa will have a 12 month grace period to ensure that they comply with the requirements of POPI. After 1 July 2021, any non-compliance with POPI will … Continue reading

What does data privacy mean for due diligence investigations?

Given many entities’ proactive compliance with the provisions of the Protection of Personal Information Act despite it not being enforceable, companies should be considering the impact of POPI (or data privacy laws with wide reach) when they carry out due diligence investigations. Depending on the nature of the transaction, the due diligence process can involve … Continue reading

Cyber risk during COVID-19 outbreak

A common response by businesses to the spread of COVID-19 has been to implement measures that require social distancing and remote working. To ensure business continuity, some of these measures rely on the availability of technology like VPN access, as well as the use of online platforms to hold team meetings, client calls, vendor engagement, … Continue reading

POPI – possible date of full commencement 1 April 2020

In a January 2020 interview, the Chairperson of the Information Regulator, Pansy Tlaluka, indicated that her office has requested President Ramaphosa to sign the remaining provisions of POPI into full force by 1 April 2020. These provisions will establish the minimum requirements for lawful processing of personal information with which all private and public persons … Continue reading

Information Regulator: CR17 campaign leaks

Privacy and data protection concerns have been triggered by Public Protector Busisiwe Mkhwebane’s reliance on President Cyril Ramaphosa’s private emails and bank statements of various entities used by his CR17 presidential campaign team. These records were used by Mkhwebane to support her report, which found that Ramaphosa had misled Parliament by failing to declare the … Continue reading

POPI progress

At the end of June 2019 the Information Regulator announced that the process of putting the Protection of Personal Information Act into effect is “going very slowly” and that: A CEO started on 1 June 2019; A CFO started on 1 July 2019; Other executives are being appointed; They are now at a point where they are … Continue reading

UK loss adjusters guilty of breach of data protection

A jury in England has found four individuals and the firm providing loss adjusting and claims management services guilty on charges of unlawfully disclosing personal data that was illegally obtained regarding the financial information of a number of individuals including details of their banking transactions. The firm used private investigators who obtained and disclosed the … Continue reading

Information Regulator makes first statement about unlawful processing

Although the Information Regulator is not yet fully operational, it has already received numerous complaints relating to the unlawful processing of personal information under the Protection of Personal Information Act 2013 (POPI). POPI itself is not yet fully in force. We are currently awaiting publication of a revised draft of the regulations following the closure … Continue reading

POPI regulations published for comment

The Information Regulator published draft regulations under the Protection of Personal Information Act 2013 (POPI) for public comment by 7 November 2017. The regulations cover various procedural items, including: the manner of objecting to the processing of personal information; requests for correction or deletion of personal information; the application form for industry codes of conduct; … Continue reading

Petya or NotPetya – under POPI you must report

Barely recovering from the WannaCry ransomware attack, many across the globe now have to deal with the latest ransomware attack, NotPetya. Originally thought of to be the Petya ransomware for making money, security analysts quickly realised that the current cyber-attack was not designed to make money. It appears that NotPetya has actually just been designed … Continue reading

Information Regulator – more than a POPI regulator

In her latest briefing session on 13 February 2017, advocate Pansy Tlakula, Chairperson of the Information Regulator, elaborated on the work that the office of the Information Regulator will be focused on and the progress they have made thus far, namely: Commencement date The Department of Justice informed the members of the Information Regulator that … Continue reading

Information Regulator held its inaugural meeting on 1 December 2016

According to a media statement issued by the Chairperson of the Information Regulator, Advocate Pansy Tlakula, the Information Regulator’s office held its inaugural meeting on 1 December 2016 at Salu Building in Pretoria. During the meeting the following responsibilities were allocated to the full-time members: Adv Collen Weapond has been designated as the full-time member responsible … Continue reading

POPI Regulator to commence duties on 1 December 2016

The functions of the Information Regulator include: to provide education about the Protection of Personal Information Act, for example, giving advice to data subjects in the exercise of their rights; to monitor and enforce compliance with POPI; to consult with interested parties; to handle complaints; to conduct research and to report to Parliament; to issue … Continue reading

Members of Information Regulator for POPI voted by Parliament

On Wednesday, 7 September 2016, the National Assembly approved the nomination of advocate Pansy Tlakula as the Chairperson of the Information Regulator for the Protection of Personal Information Act 2013 (POPI). Four other appointments that were approved – full-time members Advocate Lebogang Stroom and Johannes Weapond; and part-time members Professor Tana Pistorius and Sizwe Snail. … Continue reading

Medical technology initiatives announced in Health Minister’s budget speech

The use of technology in the health sector is on the rise.  The intersection of these two industries leads to interesting legal questions relating to digital risk, including big data analytics, data security and privacy. In his budget speech on 10 May 2016, Minister Aaron Motsoaledi discussed the following interesting medical technology initiatives being undertaken … Continue reading

Prepare for POPI – regulator shortlist

On Wednesday, 13 April 2016, ten shortlisted candidates were named by the Portfolio Committee on Justice and Correctional Services for five positions within the Information Regulator established in terms of the Protection of Personal Information Act 2013 (POPI). The shortlisted candidates are: Advocate Pansy Tlakula Mr Johannes Weapond Mr David Taylor Adv Lebogang Stroom Mr … Continue reading

Can you be traced through your internet activity?

Each device which accesses the internet is allocated a unique number (Internet Protocol or IP address) by its internet service provider (ISP). A record is created each time this IP address accesses a webpage, including the date, time and URL (website address) accessed. These records are stored by the ISP. ISPs are prohibited from providing … Continue reading

South African perspective on ECJ ruling that Safe Harbo(u)r is invalid

South Africa’s Protection of Personal Information Act 2013 (POPI) is largely based on the principles of the EU data protection directive. This includes the requirement that personal information must be adequately protected when transferred cross-border (assuming none of the other grounds apply). As the US does not have privacy laws equivalent to the EU it … Continue reading
LexBlog