There has been a lot of talk about the Secrecy Bill and the Promotion of Access to Information Act. I am now hearing about another act called the Protection of Personal Information Act. What is the purpose of this law? Is it in force? And how does it relate to other legislation dealing with access to and protection of information?
Need more info
Dear Need more info,
The Protection of Information Act prevents unauthorised disclosure of information where the disclosure will jeopardise state security. This kind of information is usually in the hands of the intelligence services or the police.
The Protection of Personal Information Act safeguards personal information. As the name suggests, the Act applies to information of a personal nature. This includes information relating to race, gender, sex pregnancy, marital status, education or medical, financial, criminal and employment history.
We are all familiar with having to fill out an application form when we apply for a home loan, or a credit card or a store card. We know that in order to apply for any of these facilities we are asked to disclose our race, identity number, marital status, work and home addresses and how much we earn.
But do we know what happens to this information? We have all experienced the frustration of random calls offering us credit that we haven’t applied for. How do they get our information, we ask?
The Protection of Personal Information Act, approved by the National Assembly in September 2012, aims to remedy this. For the first time South Africans will have their constitutional right to the privacy of their personal information enforced.
In future, when South Africans are asked to disclose personal information, the institution asking for it must explain why they need it. Significantly, the Act provides that records of personal information must not be kept any longer than necessary. When it is no longer necessary, the information must be destroyed.
The Act also requires an institution to put in place measures to protect the information that you disclose. For example, if you apply for a home loan in future, the bank must ensure that your personal information is protected and that no unauthorised people have access to it unless you agree that the information may be shared.
There are a number of exceptions to the prohibition of disclosing personal information. For example, medical information held by your doctor may be disclosed if it is necessary to ensure that you are treated properly. Similarly, personal information may be disclosed if is necessary to prevent a crime or to ensure the successful prosecution of a crime.
If you have reason to believe that your personal information has been interfered with – i.e. collected or disclosed – you can complain to the Information Protection Regulator (Regulator). The office of the Regulator is established by the Act to ensure that private and public bodies comply collect or share information lawfully.
The Regulator has the power to investigate complaints. If he/she is satisfied that the information has been interfered with he/she can issue a notice with instructions on how to remedy the situation. Failure to comply with the instructions of the Regulator is an offence. A person convicted of this may be liable to a fine or a prison sentence of 12 months.
The President has yet to sign the Act and appoint a regulator. We should all use this time to begin to question information requested of us and think twice about what and to whom we divulge.