The POPI Act refers to South Africa’s Protection of Personal Information Act and aims to balance our
right to the free flow of information and our right to privacy. In other words, POPI regulates
whatever you do with whoever’s personal information.

POPI regulates the “processing” of personal information. This definition is broad. It covers, amongst
other things, the collection, receipt, recording, organisation, collation, use, and dissemination of
information. This does not mean that CCTV surveillance is unlawful or prohibited. However, it does mean that Vumacam must comply with the provisions of POPI.

The POPI Act provides eight information protection principles to govern the processing of personal
information.

● processing of information is limited which means that personal information must be
obtained in a lawful and fair manner.
●  information can only be used for the specified purpose it was originally obtained for.
● the POPI Act limits the further processing of personal information. If processing takes place
for purposes beyond the original scope that was agreed to by the data subject, the
processing is prohibited.
● the person who processes the information must ensure the quality of the information by
taking reasonable steps to ensure that the information is complete, not misleading, up to
date, and accurate.
● the person processing personal information should have a degree of openness. The data
subject and the Information Regulator must be notified that data is being processed.
● the person processing data must ensure that the proper security safeguards and measures
to safeguard against loss, damage, destruction, and unauthorised or unlawful access or
processing of the information, has been put in place.
● the data subject must be able to participate. The data subject must be able to access the
personal information that a responsible party has on them and must be able to correct the
information.
● the person processing the data is accountable to ensure that the measures that give effect
to these principles are complied with when processing personal information.

Some of the obligations under POPIA which Vumacam strictly adheres to are:

● Only collect information that is needed for a specific purpose
● Apply reasonable security measures to protect it
● Ensure it is relevant and up to date
● Only hold as much as you need, and only for as long as you need it
● Allow the subject of the information to see it upon request