POPI Act refers to South Africa’s Protection of Personal Information Act. In a nutshell, POPI will aim to balance our right to the free flow of information and our right to privacy. In other words, POPI regulates whatever you do with whoever’s personal information.

Information includes, but is not limited to:

• contact details: email, telephone, address etc.
• demographic information: age, sex, race, birth date, ethnicity etc.
• history: employment, financial, educational, criminal, medical history
• biometric information: blood type etc.
• opinions of and about the person
• private correspondence etc.

POPI regulates the “processing” of personal information. This definition is broad. It covers, amongst other things, the collection, receipt, recording, organisation, collation, use, and dissemination of information. This does not mean that CCTV surveillance is unlawful or prohibited. However, it does mean that – once the operative provisions of POPI are in force – Vumacam must comply with the provisions of POPI.

For now, the best we can do is to interpret POPI according to the general language-context-purpose framework for statutory interpretation in South African law. Our courts are also likely to look for comparative guidance in jurisdictions with more developed data protection jurisprudence. In particular, POPI’s language closely tracks EU data protection laws. In formulating our processes and procedures, Vumacam has adhered closely to the EU GDPR (General Data Provision Regulation) provisions.

Some of the obligations under POPI are to:

• only collect information that you need for a specific purpose
• apply reasonable security measures to protect it
• ensure it is relevant and up to date
• only hold as much as you need, and only for as long as you need it
• allow the subject of the information to see it upon request

Download the POPI act below to learn more.