Information Regulator makes first statement about unlawful processing

February 16, 2018 • General, Opinion

Information Regulator makes first statement about unlawful processing

Information Regulator makes first statement about unlawful processing.

Although the Information Regulator is not yet fully operational, it has already received numerous complaints relating to the unlawful processing of personal information under the Protection of Personal Information Act, 2013 (POPI). POPI itself is not yet fully in force. We are currently awaiting publication of a revised draft of the regulations following the closure of public comments in November 2017. See our previous post for more information.

In September 2017, the Information Regulator stated that it had received 107 complaints so far, most of which relate to direct marketing in the banking, insurance and telecommunications industries. This number has no doubt risen in the past 5 months.

Last week the Information Regulator made its first public statement about an allegation of unlawful processing. It follows several media reports about a leaked recording of a telephone conversation between the Zulu monarch, King Goodwill Zwelethini, and an insurance sales representative from MiWay, which the Information Regulator stated that it has “noted with concern”.

An official complaint cannot be lodged because the relevant provisions of POPI are not in force. However, the Information Regulator intends to engage with MiWay proactively regarding its readiness to comply with POPI.

Many organisations have taken the view that POPI compliance can wait until the act is in force. But getting on the bad side of the Information Regulator now is not recommended. Remember that once POPI is in force, the Information Regulator can conduct an assessment of your personal information handling practices even if no complaint has been received.

By Kerri Crawford, Senior Associate, Norton Rose Fulbright

Comments are closed.

« »

Read previous post:
The General Data Protection Regulation legislation is the most important change in data privacy regulation in 20 years.
Companies are using just a fraction of their data

There’s a long-standing myth that we only use 10% of our brains. Luckily it’s not true – otherwise who knows...