Mei/May 2017
client and get permission to keep
his personal information in your
database (providing the reasons for
such request);
– to object in the event where
personal information, collected
for a valid reason, is used for a
purpose other than what it was
initially collected for. If you wish to
use a client’s personal information
for another purpose, for example,
using his email address on your
database to send unsolicited
newsletters to him, the client needs
to consent to that as well;
– to be notified that personal
information has been accessed
or acquired by an unauthorised
person. For example, one of your
employees discloses your client
list to his wife, who runs a travel
agency, enabling her to contact
your clients to offer special holiday
deals to them. You must inform the
clients of such disclosure;
– to establish whether a responsible
party holds personal information
and request access to it;
– to request proof that adequate
measures and controls are in
place to track access and prevent
unauthorised people, even within
the same company, from accessing
private information. For example,
he can request proof from a
banking institution as to what
measures have been put in place
to track access from unauthorised
people;
– to request the correction,
destruction or deletion of his
personal information. For example,
your application for a position at AB
Veterinary Practice is unsuccessful.
Later, you receive a letter from
AB Veterinary Practice, enquiring
whether you would be interested
in buying small animal food from
them. You now have the right
under law to request the AB
Veterinary Practice to either delete
your information on its database or
to correct it.
How does POPI deal with telemarketers?
As an interesting aside, POPI also
regulates how telemarketers should
conduct their business. In the case of
direct marketing, the telemarketer only
has one opportunity to ask the person
whom he has contacted, whether that
person would like to opt in to receive
marketing information. For example,
when contacted by a telemarketer,
you must be given the option to
opt in. This means that you must
take a concrete action (give explicit
consent) like saying “yes”, thereby
declaring that you want to receive the
information.
This is different from opt out, often
called “presumed consent,” in which
you are presumed to be consenting
unless you act to register your
unwillingness.
That still leaves us with the question:
“Mr. Telemarketer, where did you get
my contact details?”
So, what’s the worst that can happen to you for blowing POPI off?
The final responsibility for compliance
with POPI rests with the responsible
party even in instances where the
personal information collection
process has been entrusted to an
employee or to a third party. If, for
example, you do not respect a client’s
wishes, the aggrieved client could
report your conduct to the POPI
Regulator. Depending on the outcome,
you may also:
- suffer reputational damage,
resulting in loss of customers
- pay out millions in damages in civil
actions
- be fined R10-million or face up to 10
years’ imprisonment.
It is therefore of the utmost
importance that all veterinarians and
their employees not only understand
the issues at hand but also that they
work towards POPI compliance.
So, what can you do, now that you have been frightened onto the straight and narrow?
Certain sections of POPI have
already commenced whilst the
majority (especially those that create
compliance requirements) will only
commence on a later date to be
proclaimed by the President. It is
uncertain when they will be
implemented; we simply do not know,
but do not foresee that it will be
before the Information Regulator is
operational, which might be at
the end of 2017 or even in 2018.
Still to be published are the regulations,
which would be quite helpful in
implementing the provisions in your
line of business (regulations lay out
the practical implementation of the
actual Act). We will also have to see
how POPI interacts with the current
veterinary law and regulations.
So then, if everything still appears up
in the air, what is the point and why
not simply wait and see? Firstly, POPI
will give you a short period within
which to comply, 12 months at this
stage. Secondly, POPI is part common
sense, part plain good practice
management and no doubt, probably
part a pain in the butt – especially in
terms of administrative issues and
reporting. Now is the time, when the
pressure is still off and you don’t have
to fork out a ton of money for a lawyer
or “consultant”, to simply look at the
information flows in your practice.
The golden rule is that all information
by which an individual/entity may be
identified must be collected with that
individual/entity’s consent, must be
safeguarded and may only be divulged
or used in a justifiable manner that
does not compromise that
individual/entity’s right to privacy.
Remember, you as the principal/
Article | Artikel: POPI has arrived and no, I am not referring to your niece!




