Address: 8 Houlton Drive, Palm Beach, 4275, KwaZulu-Natal, South Africa | Tel: 031 702 0449 | Fax: 086 605 2670

The Protection of Personal Information (POPI) Explained

The right of access to information is resultant from section 32 of the Constitution. This section guarantees each individual the right of access to any information held by the government or any another person or organisation. Thus all organisations are required to protect the rights of any individual regardless of when the record came to be. This right is executed through the enabling legislation, The Protection of Personal Information Act 4 of 2013.

Any personal, confidential, or sensitive information is legally required to be protected so as to protect an individual’s rights to privacy. Protection is also needed to ensure an individual’s rights are not violated in the form of the circulation of personal information, without the individual’s consent, where that information has not been legally obtained and is being used for purposes other than that which it was intended.

“PAIA” means Promotion of Access to Information Act 2 of 2000. PAIA was promulgated to give effect to the rights of an individual to the protection of their personal information as set out constitutionally. The right of access to any information is protected through the PAIA which sets out voluntary and obligatory processes, procedures and accompanying mechanisms which give rise to the protection of the rights of each individual in this regard. PAIA gives effect the way in which an individual or organisation may to obtain access to records of public and private bodies as quickly, inexpensively, and smoothly as reasonably possible, within the constraints of the law, in order to enable them to process private information in a legal manner.

Within organisations, processes are progressively more reliant on information communications technology (ICT) as it plays a vital part of the smooth-running of any organisation. Without access to private information, organisations would not be able to function. The Act ensures that when access to personal or organisational information is required, it is done in a manager with consent of the affected party. IT is a crucial component of business operations and as such records must be kept and must be accurate, in electronic form.

To support compliance with the continuous flow of information and ensure alignment to the Act whilst promoting transparency, accountability and safeguarding public and private bodies, organisations are required to create and maintain trustworthy, consistent and practical records of correct and updated information so as to protect the integrity of private records, for as long as required.

Managing records of any kind, most especially electronic ones, is a complex business. Procedure have been set out in PAIA Manual as a means to facilitate organisations and their responsible parties,  to legally create, maintain and destroy electronic records.  Information technology (IT) staff, records management staff and managers must refer to Information Regulator to assist them with cost-efficient accommodation of the protection of personal information as well as accommodates their statutory obligation under the PAIA and any other legislation referred to within the Act. The guideline emphasise the crucial role of managing and maintaining electronic records and should be used in conjunction with any applicable legislation and policies.