While the focus is often on the commercial importance of data protection, privacy is also recognised as an important human right. This recognition is evidenced in South Africa, where the right to privacy is protected under the common law, Section 14 of the South African Constitution, and through the Protection of Personal Information Act, 4 of 2013 (“POPIA”). In 2014, the Government released a proclamation stating that section 1 (the definitions), Part A of Chapter 5 (which relates to the Information Regulator), section 112 of POPIA (which relates to the power to make regulations) and section 113 of POPIA (which relates to the procedure for making regulations) would come into force on 11 April 2014.
In June of 2020, the President released a proclamation confirming that from the 1st of July 2020, certain sections would be enacted. These sections include:
● | section 2 (which sets out the purpose of the Act), |
● | sections 3-38 which include the application of the Act, the conditions for lawful processing, the rules governing special personal information and children’s information and the exemptions. |
● | Sections 55-109 also came into effect in July of 2020. These sections govern information officers, prior authorisation, codes of conduct, the rights of data subjects, direct marketing, the transborder flow of information, enforcement and offences. |
While organisations have been given a one-year grace period to become compliant, it is vital to recognise personal information as a precious commodity, both in terms of how it is collected and how it is shared.
This is important as, never before, has it been easier to share personal information with large numbers of people, thanks to social media. The use of social media has consequently changed the way that most people communicate and conduct business in modern life. Around the world, billions of people use social media every day, with the number of users consistently growing. According to HootSuite “More than 4.5 billion people now use the internet, while social media users have passed the 3.8 billion mark.” While social media usage is on the rise, it is complex in that it often serves as a double-edged sword.
For example, from a positive perspective, technology and the internet have provided society with increased automation, greater connectivity and easier access to information. Social media also enables advisors to conveniently connect with a greater number of clients at a lower cost. There has however, been growing concern over the potential negative side effects of social media.
Examples of these negative aspects include increased anxiety and depression, a decline in modern man’s capacity to effectively connect, the potential for brand damage, defamation and increasing political polarisation. In addition, social media platforms are the primary conduit through which fake news is spread while cyber-crime and the abuse of personal information, continue to threaten our online presence. One example of this is the Cambridge Analytica scandal, whereby data analytics were used to influence and manipulate the 2016 American elections.
Under POPIA, organisations are responsible for processing information in accordance with the conditions described under chapter 3 of the Act. These processing principles contained in POPIA are also similar to the data protection principles found under the European Union’s General Data Protection Regulation. These principles include:
1. | Accountability, |
2. | processing limitation, |
3. | purpose specification, |
4. | further processing limitation, (information should only be processed for the reason it was originally collected) |
5. | information quality, |
6. | openness, |
7. | security safeguards and |
8. | data subject participation. |
It is important to note that section 12 (2)(a) of POPIA provides that information must be collected directly from the data subject unless, it is contained in or derived from a public record or the data subject has made it public. Given this exemption and the Cambridge Analytic scandal, individuals should be cautious with what information they share online.
Many people don’t completely understand the nature of social media, believing that if they tweet something to their 100 followers, or if they post something on Facebook that only their friends can see, no-one will be able to share their post to a wider audience and that their post is thus private. This is not the case. Any person’s friends or followers could share the post or they could take a screenshot and share that on other platforms.
Given the local and international importance of data protection, it is necessary to develop a greater understanding of the need for data protection. The human rights implications of privacy cannot be ignored or underestimated. Organisations that wish to retain their relevance and their competitive edge are now required to transform the way they think about privacy. For example, more stringent corporate governance rules across jurisdictions have necessitated a shift towards the more effective management of resources (including data). This is both in terms of how it is collected and how it is shared.
When in doubt, follow this basic rule:
“Dance like no-one is watching, but text, post and email like it will be read in court one day”– Olivia Nuzzi, Reporter of the Daily Beast.
For more information on data protection, see Moonstone Business School’s course on Protection of Personal Information Act.