Page 28 - Q&A.indd
P. 28

standards for the  processing of  personal information. It  should  be
            noted that POPI applies to a specific activity, namely the processing of
            personal information, rather than to a specific person or organisation.
            As a general rule, POPI will apply to any person or organisation who (or
            which) processes the personal information of others and who is defined
            under POPI as “responsible parties”.

            “Personal information” includes any information relating to an identifiable,
            living, natural person or an identifiable, existing juristic person and can
      Commercial  identity number or registration number, contact details or a physical
            include amongst others any identifying information such as a name,
            address of a person or business. Information relating to the education,
            medical, financial, criminal or employment history of a person, as well
            as their personal views and opinions, are also covered in terms of POPI.

            “Processing” according to POPI, refers to any operation or activity
            whether or not by automatic means concerning personal information,
            including amongst others the collection, use, storage, retrieval, deletion
            or destruction of personal information. Therefore, even if a responsible
            party is only in possession of personal information, they are considered
            to be processing personal information in terms of POPI.
            POPI further applies to the processing of personal information by both
            automated (electronic) and non-automated (non-electronic) means
            when such information is entered into a record of a responsible party.
            Personal information which is processed by non-automated means, for
            example through mediums such as paper files or other physical or hard
            copy files, will only be subject to the provisions of POPI in the event that
            such personal information forms, or is intended to form, part of a filing
            system. Consequently, in the event that personal information is stored in
            hard copy format, which does not form part, or is not intended to form
            part, of a filing system, such processing activity will not fall within the
            ambit of POPI.
            The processing of personal information is thus an ongoing process
            which  requires  compliance  with  the  provisions  of  POPI  for  as  long  as
            a person or organisation is in possession of such personal information.
            The application of POPI is very broad and will apply to most persons
            and organisations who (or which) are in possession of the personal
            information of others.
            In your situation, the fact that your information is in hard copy format,
            does not exclude POPI from applying to you. In addition, the fact that you
            retain your client’s information in physical files will qualify as processing
            personal information and will thereby also fall under POPI. To comply
            with the requirements of POPI we would advise that you enlist the help
            of a specialist to assist you in identifying the necessary measures to
            implement to ensure that you are compliant.




            22
   23   24   25   26   27   28   29   30   31   32   33