Popi Act is here, is your business ready?
Share this article:
LABOUR law specialist Grant Wilkinson has warned businesses to get their ducks in a row as the Protection of Personal Information Act is soon to take effect.
The much-anticipated Popi Act comes into effect on July 1, giving businesses until the end of this month to comply with the new legislation. The act was signed into law in 2013 but parts of it became effective a year later.
Regulated by the information regulator, the act will be used as a reference in instances where consumers feel that their personal information is abused or companies demand personal information when it is not necessary.
“The act provides rights and relief to clients in protecting their personal information, all companies that process personal information must comply with the Popi Act,” said Wilkinson.
To ensure compliance with the act, Wilkinson said there were certain steps companies needed to take.
“Appoint an information officer, if you haven’t appointed one in writing, the CEO of the company will automatically become one. Develop a compliant framework for the organisation. Do an impact assessment, also have policies in place should an information breach occur".
He said there would be potential civil claims from the people who were compromised during the information breach; hence it was important to have processes in place.
Companies that use chatbots in their businesses also need to ensure that they comply with the act. A chatbot is an operating system that automates and simulates a conversation with humans in written or spoken form.
Webber Wentzel’s candidate attorney Maison Samuels said that when a business used a chatbot, a lot of real-time data about end users may be obtained during the conversation.
Samuels said that if a company used chatbots, it must ensure compliance.
“There are various measures that a chatbot operator and its customers should take to ensure compliance.
“Purpose – records of personal information must not be kept any longer than is necessary for achieving the purpose for which the information was collected. Consent– important, because the chatbot will request personal information from the end-user, he/she should consent to the personal information being used.”