eMail alerts & Newsletter

Sign up to receive email updates when new content is loaded on the site.
Newsletter: From Evidence to Action

SA schools and parents need to be more aware of how they use personal data

The Protection Of Personal Information Act (POPI) has businesses in a bit of a spin.

There’s only one year or so left for them to become compliant with the legislation, which obliges companies and businesses to take active measures to protect your privacy, data and personal information and naturally they’re bridling at the cost.

But while companies are busy stressing out over a possible R10 million fine if they lose personal data through a breach, the Act will also affect individuals. Average citizens don’t have to be POPI complaint, but the companies that you deal with has to – which will have huge implications to you.

David Taylor and Francis Cronje co-wrote 101 Questions & Answers about The Protection Of Personal Information Act, and Cronje says that private individuals should educate themselves about the legislation as it will empower them to make sure their private data is correctly stored and handled by companies.

“People have to become more aware of it as private individuals. When you go to the doctor and get prescription medication – do you know how much personal information is on that label?” Cronje said a media roundtable attended by htxt.africa today.

The point that Cronje is trying to drive home is you need to be aware of how your information is handled and disposed of. He gave the example of some syndicates that will pay rubbish diggers rather handsomely to go through the trash outside your house, just to look for personal information like ID numbers.

While the pharmacy might not have an influence on how the medicine bottle is disposed of, individuals have to make sure that they don’t put their own private data and information into the wrong hands.

But it boils down to a much larger initiative than just those large companies who make it their business to store data or keep private information on record, like insurance companies or banks. Private information, which can include anything from home address, parents’ occupation and possibly ID numbers, are all stored at educational institutions too.

“It’s scary what happens on a school level – they have a lot of information about children and share that with other institutions [like universities and even psychologists],” says Cronje, “What happens when there is a data breach or the information gets intercepted by unauthorised people?”

Cronje says that POPI actually needs to be included in the school curriculum, so that learners from an early age can be made aware that they have a right to have their personal information kept safe and secure whether that be by South Africa companies, or social media websites.

“But not only that, POPI needs to be in the curriculum. Kids need to beware of their social media habits and the type of websites that they visit – awareness is going to be the key,” Cronje said.

It has been 12 months since the Act has been legislated but no regulator has been appointed yet. Once that position is filled, companies will only have another 12 months to fully comply with the Act, or face fines.

But a major problem is that companies don’t have to legally comply with that Act – until someone complains. And once a complaint has been lodge and the business is found not to be POPI complaint, it will be fined R10 million.

Cronje’s colleague David Taylor echoed the same sentiment, saying that every citizen has the right to privacy in South Africa, and that they need to put pressure on companies to become compliant.

“[Everybody has a] right to privacy and it has to become law. It is important to protect any information that can identify a person, and this is what this law is trying to do. It has been modelled on the European model, and has been designed to protect electronic as well as physical information.”

Both Cronje and Taylor stressed that the reputational damage to companies from a data, security or privacy breach will far outstrip the financial implications by becoming POPI compliant.

“Reputation will out way the risk to losing customer data. Customers will become educated through various initiative by the Regulator and one data breach could spark a consumer outcry.”

SA schools and parents need to be more aware of how they use personal data