We have all had them, been annoyed by them and wished they would stop.
Your cellphone rings, you answer it.
On the other end is a polite young person who wants to offer you life insurance or a cellphone deal or a credit card.
You do not want them, but the person insists you listen to their offer.
You become angry and ask them where they got your number, you have never had business with their company.
The person does not know.
But this scenario could soon be a thing of the past: if the Protection of Personal Information Bill becomes law, companies you do business with would not be allowed to divulge or sell your personal information to other companies.
The legislation has been passed by the National Assembly and is soon to be adopted by the National Council of Provinces.
It would affect all health care, marketing, insurance and financial companies and there would be heavy consequences if they did not comply.
The companies could face fines of up to R10 million or 10 years in jail as well as civil class action cases that could result in million of rands in damages paid out.
Nashua Finance managing director Bertus Korb explained that in today’s technologically connected office environment, information and data flowed more freely.
This resulted in the personal information of employees and clients becoming instantly accessible.
The bill “is regarded as a well-balanced piece of legislation and is in line with similar legislation existing in about 70 to 80 countries”, Korb said.
Its scope was wide, and the personal information of legal entities and individuals would be closely protected through the enforcement of the statute.
The bill was primarily based on certain protection conditions relating to the way information was used and reused by recipients of the information.
“It is the responsibility of the party gathering the information to ensure it is accurate, current and not misleading,” Korb said.
“Essentially, information may be processed only if voluntary, specific and informed consent is obtained.”
Korb said companies that dealt with information that could be linked to any person or legal entity would have to take measures to protect their client and themselves.
“Failure to do so will expose the company and stakeholders associated with it to legal ramifications that could seriously affect its operations, and result in imprisonment,” he said.
Garth Watson, a director at Gunstons Attorneys and the Environmental Law Consultancy, emphasised that the bill would bring South Africa in line with the most advanced European legislation.
It was designed to prevent the use of client contact details or information for any purpose other than that for which it was originally submitted, he said.
“If I give my (details to a company and they pass) on this information without my consent, they will now be acting contrary to the provisions of the act.”
Companies and organisations were to have one year from the date of the legislation’s enactment to ensure compliance with the act, said Watson.
Firms should start putting systems in place to prevent the disclosure or dissemination of personal information.
Companies that handled personal information should use a certificated auditor who was fully au fait with the legislation and its potential implications.
Watson said the legislation had become essential because any high income earner today was liable to be bombarded through the electronic media with information and advertising for which he or she had not asked.
“I have always wondered where these spam marketers get my cellphone number,” he said.
The challenge in the coming year, said Watson, would be for the IT companies involved in server and web hosting to develop systems that were genuinely foolproof and “hack-proof”, especially those that offered cloud computing services.
“Their clients will now want full reassurance that personal information stored on these servers is protected in terms of POPI (the new legislation).
“However, this will not be easy to achieve and probably means companies that are strong on the IT side and use IT service providers with a certified ISMS will gain by being ahead of others in being able genuinely to guarantee confidentiality,” said Watson. - Saturday Star