privacy Archives - Swift Tech Law https://swifttechlaw.com/tag/privacy/ Tue, 17 Dec 2019 10:33:12 +0000 en-ZA hourly 1 https://wordpress.org/?v=6.0 /wp-content/uploads/2021/12/cropped-swifttechlaw-1-32x32.png privacy Archives - Swift Tech Law https://swifttechlaw.com/tag/privacy/ 32 32 POPIA REGULATIONS: PRIVACY LAWS ARE TIGHTENING https://swifttechlaw.com/popia-regulations-privacy-laws-are-tightening/ Sun, 20 Jan 2019 07:33:44 +0000 https://swifttechlaw.com/?p=1154 January 2019 has already provided an important reminder of the need for stricter information privacy regulation. On the 17th of this month, the data privacy watch-dog Have I been Pwned uncovered the infamous COLLECTION#1 – a collation of over 1 billion hacked email and password data points. Although a comprehensive data-audit of COLLECTION#1 is still […]

The post POPIA REGULATIONS: PRIVACY LAWS ARE TIGHTENING appeared first on Swift Tech Law.

]]>
January 2019 has already provided an important reminder of the need for stricter information privacy regulation. On the 17th of this month, the data privacy watch-dog Have I been Pwned uncovered the infamous COLLECTION#1 – a collation of over 1 billion hacked email and password data points. Although a comprehensive data-audit of COLLECTION#1 is still in process, an estimated 700 million compromised accounts were hacked in 2019 alone. This begs the question, what are South African regulators doing to protect your personal information? When will the POPIA Regulations be finalised and are privacy laws tightening?

Information Privacy Regulations Finalised Recently

It is no secret that South Africa’s Protection of Personal Information Act (“POPIA”) regulates the processing of personal information domestically. As legislation has increasingly evolved to tackle a cross-border challenge, POPIA’s provisions are aligned to stringent international standards. POPIA is structured in two instruments, the POPI Act and POPIA Regulations. The latter providing supplementary details of what is required to ensure legal compliance. On 14 December 2018, POPIA’s final version Regulations were promulgated affecting the implementation of SA information privacy law in several respects.

Enforcement Date

Certain provisions of POPIA are already in force and have been since 2018. Furthermore the Information Regulator has already been knocking on the doors of companies who have been complained about by data subjects. However, the application of other legal obligations and restrictions only take effect on a date to be determined by the legislature. One of the issues causing the delay of full POPIA enforceability is the promulgation of its Regulations. The promulgation of the latter in December brings complete legal enforceability under POPIA one step closer.

Stricter Regulation of Direct Marketing

Section 69 of POPIA requires direct marketers to obtain consent from data subjects in order to lawfully conduct campaigns targeting them. Failure to do so is an offence which carries heavy fines and penalties. The Regulations impose details regarding how such consent must be obtained. Namely, direct marketers are required to obtain a signed form from the data subject before electronic direct marketing can occur. Depending on how the regulation is implemented in practice, imposing this obligation could create a significant challenge to the direct marketing industry. Although stringent regulation could appear attractive to consumers, they should be reminded that the direct marketing industry is a significant employer and job creator in South Africa. Should the industry down-size, the limitations prescribed in the Regulations could become a poisoned chalice. Direct marketers should familiarise themselves with POPIA Regulations and ensure their organisation is streamlined to comply with POPIA without damaging revenue streams.

The responsibilities of the Information Officer

POPIA’s Regulations also contain further detail on Information Officers. Organisations are required to appoint an individual responsible for ensuring information privacy legal compliance. Much like a company secretary the Information Officer will be involved with legal implementing within their organisation. Amongst other requirements, this involves creating a compliance framework, conducting an information privacy impact assessment and creating a manual which outlines their organisation’s information privacy and security policies. While this seems daunting in practice, the responsibilities of an organisation’s Information Officer will most likely be supplemented by technology and privacy attorneys.

Elevated awareness of importance

As incidents ranging from Facebook’s data abuse to COLLECTION#1 continue to make headlines, the importance of legal regulation will escalate further. The Promulgation of POPIA Regulations are an encouraging step in the right direction as information privacy continues to be of domestic and global importance.

If you have not taken the necessary steps to comply with POPIA, contact SwiftTechLaw here.

The post POPIA REGULATIONS: PRIVACY LAWS ARE TIGHTENING appeared first on Swift Tech Law.

]]>