Download this guide as a foldable pamphlet and poster in English or isiZulu.
Sign the petition to demand our private info is protected at https://awethu.amandla.mobi/p/protectourprivacy
Download the pamphlet (English)
Download the pamphlet (isiZulu)
Does the law protect your personal info?
South Africa has a new law about privacy and protecting your personal info. How can this law protect you from companies, government agencies and cyber criminals who abuse your personal info?
The Constitution says you have a right to privacy, and now there’s a new law called the Protection of Personal Information Act (the POPI law) which says your personal info must be protected.
According to the new law, your personal info can’t be bought or sold. It can only be used by someone who has a justifiable reason – for example, if you’ve given permission or if there’s a law that allows it.
What is personal info?
Personal info is any info that identifies you, including your age, race, gender, education, your medical or financial info, or your criminal or employment history.
It also includes your contact details, such as email or phone number.
What does the law say about your personal info?
The POPI law says that companies and government agencies can only use your personal info if they ensure the following:
- Openness & Accountability: They must be transparent and accountable about how they use your personal info and why.
- Clear purpose: They must have a proper reason for collecting your personal info, and can only use it for that purpose.
- Your participation: You must know why your personal info is being used, and they must communicate with you about it. Unless they’re authorised by law to have the info, you have the right to demand they delete it!
- Security safeguards: If they’re using your personal info, they must take steps to keep it safe and secure. They have a duty to notify you in the event of a data breach if your identity is known to them.
If someone misuses your personal info, or anyone else’s, you have a right to complain to the new government privacy watchdog called the Information Regulator.
So, is your permission always needed?
There are a few exceptions: the POPI law says these rules may not apply when personal info is used for: (1) national security and policing, (2) ‘everyday’ use such as between friends or family; (3) public-interest journalism that is governed by a code of ethics.
Then does the law protect me from government spying?
The POPI law says these rules don’t apply when the government is using people’s personal info to fight crime or protect national security, BUT only if they are following another another law, such as the RICA law, and this law protects your privacy properly. Therefore, if government surveillance laws don’t protect your privacy properly, then the POPI law applies.
How long can a person keep your personal info?
A person may only keep your personal info for as long as is needed to provide the service for which they collected, or if there’s a law that requires them to keep it. But they must delete or destroy personal info when they no longer have a lawful reason for keeping it, or if you ask them to destroy it. (This doesn’t apply if they are required by another law to keep the info – for example, you cannot demand that SARS deletes your taxpayer info!)
Demand protection for your personal info
Your privacy is not being protected! Even though the POPI law protects your right to privacy in theory, it still isn’t in force! Why? It is because the Information Regulator – the government watchdog set up to make sure the privacy law is being followed – is not operational.
The Information Regulator has not hired staff to fulfill its watchdog mandate. This means there’s nobody to issue fines or other penalties when someone fails to protect your personal info. The bureaucratic delays mean that our privacy is not being protected.
The Information Regulator and the Department of Justice have promised to a date when the POPI law comes into force soon.
DEMAND ACTION!
Join the call to demand that your privacy is protected. Sign the online petition at https://awethu.amandla.mobi/p/protectourprivacy
More information
Where can I find out more about the Protection of Personal Information Act?
Visit https://justice.gov.za/inforeg
What if my info has been stolen or misused?
Although the POPI Act is not yet in force, you can contact the Information Regulator at 012 406 4818 or inforeg@justice.gov.za
What if I am a victim of fraud?
If you’ve been the victim of fraud, also get advice from the SA Fraud Prevention Service (SAFPS): Call 0860 101 248 or visit www.safps.org.za
