- The policy should meet the legal requirements. Consider the Protection of Personal Information Act (POPI), the Consumer Protection Act and the National Credit Act. Also any Industry Codes your organisation need to adhere to. If you do business beyond the borders of South Africa, consider the legislation of these countries too.
- The policy needs to satisfy your business objectives.
- It could reduce the risk of your company being sued for infringing a customer’s right to privacy.
- The policy should also ensure that you comply with the law and avoid sanctions for non-compliance.
- Increased consumer confidence. Your potential customers will not feel the need to seek out your competitors who might have better data privacy practices in place.
How is personal information gathered?
You can get access to personal information in several ways and you should seriously consider if you truly need the information gained. Personal information can be gathered in many ways, including:
- Subscribing to a newsletter,
- A user who registers on a blog or forum,
- A user completing an online form,
- Placement of orders,
- Monitoring user access and habits,
- Sending or receiving emails,
- Messaging services, e.g. online chat.
An individual’s right to privacy is nestled in our Constitution, although no privacy legislation currently exists.
To a degree, the Promotion of Access to Information Act pertains to privacy. At its core, PAIA states that private bodies should allow access to their records under certain circumstances. But can refuse this request should disclosure involve the unreasonable disclosure of personal information.
*Content updates will be done under your monthly hour available or quoted for as per our standard support rate.