On 22 June President Cyril Ramaphosa announced the commencement of certain sections of the Protection of Personal Information Act 4 of 2013 (POPIA), which aims to –
According to the statement by the Presidency, POPIA gives effect to s 14 of the Constitution, which provides that ‘everyone has the right to privacy’. Certain sections of POPIA have been in operation since April 2014, some of which include those relating to the establishment of the Information Regulator. The members of the Information Regulator took office on 1 December 2016. Many of the remaining provisions of POPIA could only be put into operation at a later stage as the provisions required the Information Regulator to first assume its powers, functions and duties in terms of POPIA. Sections 2 to 38; ss 55 to 109; s 111; and s 114(1), (2) and (3) will commence on 1 July. Sections 110 and 114(4), which deal with the transfer of the enforcement of PAIA from the South African Human Rights Commission to the Information Regulator will come into effect on 30 June 2021.
The commencement of these sections of POPIA will provide data subjects with a remedy in instances when their personal information is abused. In a statement, the Information Regulator has noted that POPIA gives it effective enforcement powers for non-compliance. These powers include, the issuing of an administrative fine of up to R 10 million and the institution of a civil action by the Information Regulator on behalf of a data subject. In addition, the contravention of certain sections of POPIA attracts a fine or imprisonment for a period not exceeding ten years or both a fine and imprisonment. Since POPIA grants public and private bodies a grace period of one year (until 1 July 2021) to comply with POPIA, the Information Regulator has requested that public and private bodies use this period to comply.
The sections, which will commence on 1 July, pertain, inter alia, to –
Legal practitioners are privy to sensitive information, the importance of safeguarding that information goes without saying. Legal practitioners are advised to implement mechanisms that ensure lawful processing of personal information.
Would you like to write for De Rebus?De Rebus welcomes article contributions in all 11 official languages, especially from legal practitioners. Practitioners and others who wish to submit feature articles, practice notes, case notes, opinion pieces and letters can e-mail their contributions to derebus@derebus.org.za. The decision on whether to publish a particular submission is that of the De Rebus Editorial Committee, whose decision is final. In general, contributions should be useful or of interest to practising attorneys and must be original and not published elsewhere. For more information, see the ‘Guidelines for articles in De Rebus’ on our website (www.derebus.org.za).
|
This article was first published in De Rebus in 2020 (July) DR 3.