LEGAL: POPI Â– Take Care When Processing Personal Information
Recent Gauteng Business News
Â“The Bill, when promulgated, will impose a number of stringent obligations on all persons who process personal information in any manner.
Â“Processing of information is defined under the Bill to include the collection, receipt, recording, organisation, collation, storage, updating, alteration or modification, retrieval, consultation, use, dissemination, distribution, merging, link, erasure or destruction of personal information. Persons who process personal information must also take appropriate measures to ensure that the integrity and confidentiality of personal information is maintained, including by taking, ''appropriate, reasonable, technical and organisational measures'', to prevent loss or unauthorised destruction of, damage to and unlawful processing of personal information, including by identifying all reasonably foreseeable risks relating thereto,Â” explains Simone Gill, Director in the Technology, Media and Telecommunications practice at Cliffe Dekker Hofmeyr business law firm.
Â“The measures taken are to be verified regularly to ensure that the safeguards are effectively implemented and continually updated in response to new risks or any identified deficiencies in previously implemented safeguards,Â” she says.
Mariska van Zweel, Associate in the TMT practice notes that the recent LinkedIn security breach that caused users passwords to be leaked once again illustrates the necessity of ensuring that adequate, appropriate security safeguards and measures are implemented to prevent unauthorised disclosure of personal information.
Â“According to various media reports, security experts allege that, despite LinkedIn's user statement that personal information will be secured in accordance with industry standards and technology, LinkedIn failed to follow an industry standard for encryption of user passwords,Â” van Zweel says.
Â“It is essential that all persons who process personal information in any manner embark on awareness workshops and detailed due diligence exercises to assess their level of compliance with the Bill and determine which steps are to be taken to ensure compliance, failing which they may find themselves falling foul of the obligations imposed by the Bill, which may result in criminal sanction and/or civil liability once it is promulgated,Â” Gill adds
Business News Sector Tags: Law|