Page 28 - Q&A.indd
P. 28

should  be  noted  that  POPI  applies  to  a  specific  activity,  namely  the
            processing of personal information, rather than to a specific person
            or organisation. As a general rule, POPI will apply to any person or
            organisation who (or which) processes the personal information of
            others and who is defined under POPI as “responsible parties”.
            “Personal information” includes any information relating to an
            identifiable, living, natural person or an identifiable, existing juristic
            person and can include amongst others any identifying information
      Commercial  or a physical address of a person or business. Information relating to
            such as a name, identity number or registration number, contact details
            the education, medical, financial, criminal or employment history of a
            person, as well as their personal views and opinions, are also covered
            in terms of POPI.

            “Processing”  according  to  POPI,  refers  to  any  operation  or  activity
            whether or not by automatic means concerning personal information,
            including amongst others the collection, use, storage, retrieval, deletion
            or destruction of personal information. Therefore, even if a responsible
            party is only in possession of personal information, they are considered
            to be processing personal information in terms of POPI.
            POPI further applies to the processing of personal information by both
            automated (electronic) and non-automated (non-electronic) means
            when such information is entered into a record of a responsible party.
            Personal  information  which is processed  by non-automated means,
            for example through mediums such as paper files or other physical or
            hard copy files, will only be subject to the provisions of POPI in the event
            that such personal information forms, or is intended to form, part of a
            filing system. Consequently, in the event that personal information is
            stored in hard copy format, which does not form part, or is not intended
            to form part, of a filing system, such processing activity will not fall within
            the ambit of POPI.
            The processing of personal information is thus an ongoing process
            which requires compliance with the provisions of POPI for as long as
            a person or organisation is in possession of such personal information.
            The application of POPI is very broad and will apply to most persons
            and organisations who (or which) are in possession of the personal
            information of others.
            In your situation, the fact that your information is in hard copy format,
            does not exclude POPI from applying to you. In addition, the fact
            that you retain your client’s information in physical files will qualify as
            processing personal information and will thereby also fall under POPI.
            To  comply  with  the  requirements  of  POPI  we  would  advise  that  you
            enlist the help of a specialist to assist you in identifying the necessary
            measures to implement to ensure that you are compliant.




            22
   23   24   25   26   27   28   29   30   31   32   33