The Protection of Personal Information Act, 2013 (Act No.4 of 2013) (‘POPIA’) gives effect to the constitutional right to privacy articulated in section 14 of the Constitution. Its main objective is to protect people from having their personal information misused and abused by others. It aims among others, to regulate the collection and processing of personal information by both private and public bodies including the State. It also establishes the Information Regulator with the mandate of promoting and enforcing the rights provided by POPIA.
The commencement date of the majority of POPIA sections have not yet been proclaimed by the President as only a few sections of POPIA, for example, definitions, the part that deals with the establishment of the Information Regulator, powers, functions etc, making and procedure of making regulations.
Impact of POPIA on the NSG
POPIA places obligations on the NSG as a responsible party to lawfully possess personal information. Personal information is information relating to an identifiable, living, natural and juristic person including but not limited to race, gender, sex, marital status, religion, culture, language, education, employment history, email address, physical address, biometric, etc.
The NSG as a training institution processes personal information through collecting, receiving, storing, using, updating, disseminating personal information of its learners, employees and service providers on daily basis. Hence, the NSG is obliged by POPIA to lawfully process personal information of its learners, employees, service providers in order to protect them against misuse and abuse of their personal information. It is imperative that the NSG we comply with POPIA by ensuring lawful processing of information and avoid data breaches as penalties for non-compliance range between one million and ten million or an imprisonment of one to ten years, as well as compensation for damages that data subjects may have suffered.
Even though there is a grace period of one year that will be provided from the commencement date of POPIA, it is advisable that the NSG ensures there are systems and measures in place for full compliance to POPIA. In this regard, the Directorate: Legal, Contract Management and Compliance will develop relevant policies and procedures as well as conducting awareness and advocacy sessions on POPIA.
For any POPIA related queries, you can call (012 441 6734) or send an email to Mr Tshepo Moatshe at Tshepo.Moatshe@thensg.gov.za.
Directorate: Legal, Contract Management and Compliance
PROTECTION OF PERSONAL INFORMATION ACT 2013