Although the Information Regulator is not yet fully operational, it has already received numerous complaints relating to the unlawful processing of personal information under the Protection of Personal Information Act, 2013 (POPI). POPI itself is not yet fully in force. We are currently awaiting publication of a revised draft of the regulations following the closure of public comments in November 2017. See our previous post for more information.
In September 2017, the Information Regulator stated that it had received 107 complaints so far, most of which relate to direct marketing in the banking, insurance and telecommunications industries. This number has no doubt risen in the past 5 months.
Last week the Information Regulator made its first public statement about an allegation of unlawful processing. It follows several media reports about a leaked recording of a telephone conversation between the Zulu monarch, King Goodwill Zwelethini, and an insurance sales representative from MiWay, which the Information Regulator stated that it has “noted with concern”.
An official complaint cannot be lodged because the relevant provisions of POPI are not in force. However, the Information Regulator intends to engage with MiWay proactively regarding its readiness to comply with POPI.
Many organisations have taken the view that POPI compliance can wait until the act is in force. But getting on the bad side of the Information Regulator now is not recommended. Remember that once POPI is in force, the Information Regulator can conduct an assessment of your personal information handling practices even if no complaint has been received.
By Kerri Crawford, Senior Associate, Norton Rose Fulbright