The Protection of Personal Information Act 4 of 2013 (“POPI”) was promulgated in November 2013. It contains all the provisions for the protection of personal information within our borders. POPI will take legal precedent over other relating laws such as the Electronic Communications and Transactions Act and Promotion of Access to Information Act. In other words, all organisations will have to adhere to the statute, be they Responsible Parties and/or Operators.
Despite all the noise made in the media, consent remains the most powerful tool in safeguarding your organisation from the legal ramifications of not adhering to PoPi. Consent under POPI is evidenced by an expression of will or of understanding. In the case of background screening, candidates are required to consent to certain conditions, including the following:
POPI - The Protection of Personal Information Act 4 of 2013
- Consent for collection and further processing of personal information
- Consent to processing of special personal information (such as biometric data)
- Consent to the transfer of information across-borders to countries without adequate data protection laws
- Consent for indefinite data retention, which can be withdrawn by the data subject under certain circumstances.