As part of our series of articles discussing POPI, in this article we provide insight into the requirements set out in Condition 6.
Condition 6: Openness
Insight: POPI includes specific references to the requirements of the Promotion of Access to Information Act (PAIA).
This means that people whose personal information companies process has the right to request details regarding the collection, storage, sharing and processing of this information. This in turn means that companies must know where to locate these details and how to provide it. It therefore becomes imperative to track the collection purposes, planned uses and locations of personal information.
Tying this condition back to the “purpose specification” requirements, companies must ensure that the way they notify persons of their privacy practices are effective and compliant with existing/ relevant industry legislation. These notifications must be carried out going forward as well as for existing processing (i.e. existing clients/ persons whose personal information is already being processed; and consent obtained where specific exclusions are not applicable).
It is important to assess which notification mechanisms works best for your environment based on the aim of the notification. A layered approach is usually recommended (using more than one mechanism) to address as many compliance requirements in the most effective and fair way.
NOTE: The insight in this article is not aimed at providing legal advice. Further the content of this article may be subject to change based on amendments to the Protection of Personal Information Act, No. 4 of 2013 and requirements of related industry legislation and codes of conduct.