16 / 52
14
Mei/May 2017
In the widely publicised case
pertaining to the South African
Social Security Agency (SASSA)
and the payments of social
security grants brought before
the Constitutional Court, one of
the bones of contention raised
during the arguments on 15
March 2017, pertained to Cash
Paymaster Services’ (CPS) practice
of disclosing personal information
of social grant recipients to one of
its USA subsidiaries, Net1, enabling
Net1 to contact these recipients
directly, offering unsolicited services
or products. Citing the Protection
of Private Information Act, Act 14
of 2013(POPI), this practice by
CPS was argued to be unlawful as
CPS had no right, under POPI, to
forward the personal information of
recipients to a third party.
So, what is the Protection of
Private Information Act, Act
14 of 2013, better known as
POPI?
T
he POPI Act regulates
the way the personal
information of individuals
and legal entities
(companies/institutions/
organisations) may be processed
– meaning the way it is collected,
used, stored, distributed, modified or
destroyed, irrespective whether such
processing is automated or not.
In summary, POPI aims to protect
the personal information of natural
persons and legal entities so that they
do not become victims of identity
theft, fraud, or other incidents that
could have very serious consequences
for them.
How does POPI affect you as
a veterinarian?
As mentioned, POPI deals with the
processing of personal information.
The practice client record-keeping
system is an obvious example of
where such personal information
is processed. However, the scope
of POPI extends well beyond the
veterinarian/client relationship, and
one needs to be aware that it has
a bearing on all the relationships
within a practice such as employer
and employee, between partners or
colleagues, and with your suppliers,
amongst others.
What is meant by personal
information?
POPI defines personal information as
pretty much anything that can be used
to identify an individual in any way –
yes, that’s rather broad! For example,
there are the obvious examples like
an individual’s name, ID, passport
number and address (physical, postal
and e-mail), but then there are the less
obvious examples such as religious
affiliation, sexual orientation, medical
history, criminal record, educational
and financial history and even
biometric data, online identifiers (e.g.
a Twitter handle) and location services
such as phone tracking. Personal
opinions, any private correspondence
and other people’s views about a
person are also included.
What rights/responsibilities
are afforded by POPI?
All individuals and legal entities are
considered to be "data subjects"
and are all afforded the same right
to the protection of their personal
information. However, it should come
as no surprise that with these rights,
there are also counterbalancing
responsibilities. POPI accordingly also
bestows obligations on individuals
and legal entities in their capacity
as “responsible parties” (in practice
this often lands on the shoulders of
the principal/partner/owner, i.e. the
principle of “the buck stops here”).
POPI therefore ultimately holds the
responsible party accountable for
the protection of other data subjects’
personal information that the
responsible party may have in his/her/
its keeping, for instance, the personal
information of clients/suppliers/
business partners/employees/etc.
An individual, as owner of his
own personal information, has the
following rights under POPI:
– to object, on reasonable grounds,
to the processing of his personal
information. Applying this principle
to a client, a data subject, you can
only process the client’s personal
information with his consent,
which consent was given for the
purpose of treating his animal,
subsequent invoicing, etc. If you
receive a potential client’s personal
information from a third party, you
need to contact the aforementioned
>>> 15
POPI has arrived
and no, I
am not referring to your niece!
(Magda Louw: BIuris, LLB (Industrial
Relationship, Human Resources
Management and Consultant)
Article
I Artikel