Connect with us

Compliance

Bullet-Proofing Information

Demystifying POPI: What it means for your business and personal information.

Charles Stretch

Published

on

003

The Protection of Personal Information Bill (POPI) will be signed by the President in the first half of 2013 – but what is it? And how will it affect our businesses, and individual rights?

The intention of POPI is to establish a protection for personal information regime in South African law, and bring us in-line with international standards of protection of personal information.

Once the Bill has passed the National Council of Provinces, and become an Act, we will have one year to become compliant. This period can be extended to a maximum of three years by the Minister. And, in the light of South Africa’s typically lax response to such occasions, I expect that the extension will be required.

What POPI means

POPI protects personal information by restricting how it can be collected and used, and sets out eight principles:

Accountability: The responsible party, those who process the personal information, must ensure that all the principles and the measures are complied with.

Processing limitation: This stipulates that processing must be done lawfully and in a manner that does not infringe the privacy of the individual, and that personal information can only be processed if the processing is adequate, relevant and not excessive, given the purpose for which it is to be used.

Purpose specification: Personal information must only be collected for a specific purpose and the individuals must be aware of the purpose of collection. In addition, records must not be retained for longer than necessary to achieve the purpose for which it was collected or processed for.

Further processing limitation: This is simply stating that further processing must be compatible with the purpose of collection.

Information quality: The holder of the data must take reasonably practicable steps to ensure that personal information is complete, accurate, not misleading and updated when necessary. All the while upholding this, taking into account the purpose for which the information was initially collected.

Openness: Steps are required to ensure that the data subject is aware of the personal information being collected and the purpose of collection.

Data subject participation: the data subject can request whether an organisation holds their private information, and what information is held. They may also request the correction or deletion of information which is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.

Security safeguards: the responsible party must secure the personal information under their possession/control.

The direct marketing angle

Specifically relating to the running of SMS marketing campaigns, direct marketers cannot use personal information for direct marketing unless the consumer has given permission, and in the case or a direct marketing organisation, they must have ‘opted in’.

The consumer can ‘opt-in’ in one of two ways. Firstly, they can give their consent to receive direct marketing. This would ideally be obtained when the information is collected, but you can also approach the consumer for consent later. If doing this, you can only approach the consumer once for consent.

As an aside, direct marketers must obtain a consumer’s contact details in the first place to approach for consent. Unless these contact details were in the public domain, e.g. a telephone directory, merely obtaining the contact details could be an infringement of POPI.

For example, if you received a list of individuals and their contact details from a company that collects and sells marketing information (data vendor), the data vendor would itself have infringed POPI by passing the list on, even if you never use any of the information. Unless the individual specifically consented to their information being passed on.

Secondly, if the consumer is a customer of a direct marketer (and not of anyone else) then they can use the information for direct marketing only if:

  • The data was obtained in the context of the sale of a product or service
  • The direct marketing will be in respect of the marketer’s own similar goods/services
  • The consumer has been given a reasonable opportunity to object to receipt of direct marketing both when the data was first collected AND on each occasion when direct marketing is made to the consumer.

Infringement

POPI makes provision for enforcement notices to be served on those infringing the data protection principles or the direct marketing provisions of POPI. Failure to comply with an enforcement notice is an offence, and on conviction may lead to a fine, up to 10 years in prison, or both.

Perhaps more seriously, if a data subject suffers any loss as a result of an infringement, the responsible person will be strictly liable for this loss. In other words, it does not matter if the responsible person was negligent, or acted intentionally in infringing POPI – if the infringement caused loss to the consumer, the responsible person is liable.

As SMS gateways we must be careful to specify that we are not ourselves conducting the direct marketing, but that our systems are being used by a direct marketer e.g. a retailer, bank or other institution. In other words you must ensure that you are mere conduits insofar as this is possible.

Consumer Protection Act

The provisions of POPI will be in addition to those set out in the Consumer Protection Act (CPA). Section 11 of the CPA allows for consumers to pre-emptively block direct marketing by listing their contact details in a ‘do not contact’ registry. The registry is yet to be set up, but once it has been the two Acts will inter-relate:

Direct marketers will have to assume that, unless a consumer has expressly consented to receive direct marketing from that direct marketer, that a pre-emptive block has been registered. The direct marketer must first query the registry to make sure that no pre-emptive block has been registered before it can market to that consumer.

Note that until it has done this, the direct marketer cannot send any communication to the consumer if the approach or communication is primarily for the purpose of direct marketing.

Applied to the provisions of POPI, a direct marketer will have to check the registry before it can even approach a consumer for consent to market to that consumer.

Even for its own customers, the direct marketer will have to check the registry unless the customer has expressly consented to receive direct marketing, even if the marketer has previously sold similar products or services to the consumer.

To conclude, South Africans will have, for the first time, the right to privacy of their personal information in an enforceable way. It’s going to be a period of change and uncertainty for many, but as organisations responsible for people’s personal information we must all act responsibly, and uphold the reputation of businesses like ours, as well as our partners who use our service.

Charles Stretch is the managing director of SMSPortal. Established in 2002, it has grown to be SA’s largest bulk SMS provider sending 100 million SMS a month (the total market is 230 million SMS). Contact charles@smsportal.co.za for more information.

Company Posts

An Introduction To COID Registration And The Letter Of Good Standing

Company Partners is a leading COID Registration Service Provider in South Africa. They also assist Companies to obtain a Letter of Good Standing from COIDA.

Company Partners

Published

on

Compensation for Occupational Injuries and Diseases Act

What is COIDA?

The Compensation for Occupational Injuries and Diseases Act (Act 130 of 1993) replaced the “Workmen’s Compensation Act” (Act No. 30 of 1941), and was amended in 1997.

The Compensation Fund provides compensation for occupational injuries or diseases sustained or contracted by employees in the course and scope of their employment, or their dependents for death resulting from such injuries or disease, and to pay reasonable medical expenses incurred.

Who must register with COID?

According to prescription, anyone who employs one or more part- or full time workers must register with the Compensation Fund and pay annual assessment fees. The Compensation Fund is a trust fund that is controlled by the Compensation Commissioner and employer contributes to the Compensation Fund. The Commissioner is appointed to administer the Fund and approve claims lodge by employees or their dependants.

An employer must register with COID within seven days after the day on which he employs his first employee. An employer must register with the Commissioner by submitting Form W.As.2 with the particulars required therein to the Commissioner.

During COID registration copies of the following documentation should be included:

  • the registration certificate from the Register of Companies if they are a company or closed corporation;
  • or their ID document, if they are sole owners of the business.

What are assessment fees?

The annual assessment fee is of an employer is based on their employee’s earnings and the risks associated with the type of work or profession. Before 31 March each year, all employers (including contractors) must submit a statement (return) of earnings reflecting amount paid to all their workers from the beginning of March to the end of February.

Assessment tariffs, reviewed annually, are based on the risks related to a particular type of work.

Payment of assessments

  • Employers must pay within 30 days of receiving the notice of assessment;
  • Employers must apply in writing to settle assessments in installments (not exceeding 12 months);
  • 20% of the outstanding balance due is required upfront before instalment arrangements can be applied for;
  • Should the instalment fall overdue, the full amount becomes due and payable immediately.

Failure to comply may result in:

  • Penalty can be imposed for late submission of ROE (Sect 83(2) – 10%);
  • Estimations will be done if no returns (ROE) are submitted (Sect 83(6)(a);
  • Penalty on non-payment of assessments (Sect 87(1) – 10%);
  • Interest on late payment of assessment (prevailing prime rate);
  • Penalty for late reporting of accidents
  • A penalty is imposed where an employee meets an accident / death and employer is not registered with the Compensation Fund (not exceeding full compensation payable to the employee (Sect 87(2)(a))
  • An employer who fails to comply with a provision of this section shall be guilty of an offence – Sect 81(3)

Contractors and sub-contractors: 

  • Contractors and sub-contractors must register with the Compensation Fund and pay assessments;
  • Failure to comply with the COID Act by the sub-contractor will make the mandatory or main contractor to be responsible for any claims from the sub-contractor’s employees (thus the need for a letter of good standing);
  • The contractor may recover any such payments directly from the sub-contractor.

Letter of Good Standing:

The Letter of Good Standing is a certificate issued by the Compensation Fund to verify that a business actually exists, has paid all its statutory dues, has met all filing requirements and, therefore, is authorised to operate.

Conditions when applying for a letter of good standing:

  • Employer must be registered with the Fund as per section 80 of the COID Act,
  • Employer must have submitted all returns of earnings as per section 82 0f the COID Act,
  • Employer must be fully assessed as per section 83 of the COID Act,
  • Employer must have paid/ settled all outstanding debt as per section 86 of the COID Act.
  • Employers that have entered into an instalment arrangement will only be issued with a letter of good standing on a month‐to‐month basis.

Related: Register A Company In South Africa

What happens if an employee is injured?

employee-injury

The amount of compensation paid to you, depends on how much you were earning when you got injured or diagnosed. If you’ve stopped working by the time a disease is diagnosed, the compensation will be worked out according to what you would’ve been earning.

Types of compensation:

Medical costs: All your medical expenses will be paid for up to 2 years, from the date of the accident or the diagnosis of the disease. You are free to choose a medical service provider you want to consult with. All medical accounts and reports should be submitted to the Commissioner.

Temporary disability:  When you’re unable to work or can’t do all your work because of an injury or disease.

All medical expenses are also paid if the medical accounts are submitted to the Commissioner.

You can claim compensation for temporary disability for 1 year. This can be extended to 2 years, after which the Commissioner may decide that the condition is permanent and grant compensation on the basis of permanent disability.

Permanent disability:  A permanent disability is an injury or illness that you will never recover from. The seriousness of the disability will determine whether you’ll never be able to work again or whether you’ll find work more difficult.  If the disability is more than 30% disability, you will get paid a monthly pension. The size of the pension depends on what your wages were and on the seriousness of the disability.  If the disability is 30% or less, you’ll get paid a lump sum. The lump sum payment is a once-off payment.

Death benefits:  Burial expenses will be paid and the spouse of the deceased and children under the age of 18 (including illegitimate, adopted and step-children) are entitled to compensation.  If a family member that earns money to support the family (breadwinner) is killed by an occupational injury or disease, dependants can claim from the fund.

Company Partners

Company Partners is a leading COID Registration Service Provider in South Africa. They also assist Companies to obtain a Letter of Good Standing from COIDA.

Established in 2006, Company Partners guarantees that the services they offer meet the standards of the best in the industry. Over 30 full-time Consultants offer services and standards of the highest quality.


Useful Links

  1. COID Registration
  2. Letter of Good Standing

Continue Reading

Compliance

How To Stay On The Right Side Of The Law With A Marijuana Business

The verdict is in: It’s not (yet) legal to commercially grow cannabis, but there are multiple business opportunities for home growers that are on the right side of the law.

Nicole Crampton

Published

on

marijuana-business-legal

“The use, possession and cultivation of cannabis outside of a private space, or by, or around, under-age persons, still remains illegal,” says Paul-Michael Keichel, Partner at Schindlers Attorneys. “The caveat to this appears, however, to be that you may carry concealed cannabis in public, if the intention is to only consume it in a private space, away from under-age or non-consenting individuals.”

“What we are seeing is that most of our clients’ focus has been on the cultivation and commercialisation of cannabis itself. What is seemingly being overlooked are the secondary industries that will emerge or benefit from the legalisation of cannabis,” explains Maurice Crespi, Partner at Schindlers Attorneys.

“Take our M&R (medical and recreational) Cannabis Department as an example. Whilst not planned, it has emerged as a key department at Schindlers Attorneys. If cannabis legalisation presents an opportunity for attorneys, it begs the question as to what industry would not be presented with some form of opportunity as a result of its legalisation.

“Transport, courier services, injection moulding, advertising, fashion, accountants, medical, textiles and so on, are now all in a position to exploit the legalisation of cannabis to their benefit. I’m yet to think of an industry that will not be in a position to benefit from the legalisation of cannabis. Even Coca-Cola has found a way,” says Maurice.

Related: 10 Cannabis Business Opportunities You Can Start From Home

Grey areas yet to be resolved

“The question that has been left open, of course, is how and where does one get the cannabis seeds to grow the plants that one is now permitted to cultivate at home, or in private? Must these be shared, or can they be sourced or sold commercially?” says Paul-Michael.

“Until this answer is clear (we’re researching presently), it’s better to err on the side of caution. However, now that the major part of the fight is lost for them, I would be very surprised if Parliament doesn’t start appreciating the massive potential for increased tax revenue that would flow from a formalised and regulated cannabis industry.

“It serves almost everyone’s interests for them to entertain this option, especially because studies show that full legalisation decreases associated harms more than decriminalisation. Consider quality control, de-stigmatisation, elimination of the black market, beneficiation, and the list goes on,” explains Paul-Michael.

“That stated, SAHPRA (www.sahpra.org.za) is entertaining licence applications by growers and distributors for medicinal use of cannabis. The requirements are very tight but, for those able to comply and get licences, the commercial opportunity is almost unquantifiable,” says Paul-Michael.

Continue Reading

Compliance

Innovative Business Solutions And Compliance

Compliance with certification is a strong way to demonstrate that you are managing your business proactively.

Published

on

thinking-out-the-box

As a business owner, you are probably aware of where your business could improve. Sometimes a business owner would like to improve their business but is not sure how to begin. Therefore, it is of the utmost importance to develop an environment which will foster innovation and create key steps to improve your business while simultaneously trying to comply with all of the necessary legalities.

It is important for an entrepreneur to assess their situation first. Most business owners will ask the question why? Why can’t everyone will follow the same steps to success. Every business is different and unique, therefore, before you start making changes within your business, it is a good idea to make sure you have a full understanding of the factors affecting your business success and whether you are complying with necessary legalities.

Compliance may actually improve performance by giving your business a competitive edge. Legal compliance can assist you with improving your customer relations, enhancing your reputation and most importantly avoiding the cost of legal proceedings.

There’s this saying, ‘What gets measured gets improved’ explains Charles Gaudet, founder and CEO of Predictable Profits, a consulting firm that offers advanced marketing techniques to entrepreneurs who are passionate about expanding their small businesses.

Related: Compliance For Entrepreneurs

Here are a few strategies that you can use to make your business more profitable in the future.

Innovative Marketing solutions

For every business owner, marketing is an important tool to improve their businesses. You may think that you are missing an opportunity if you don’t jump right attracting customers with some type of marketing message.

However, as quoted by John Rampton ‘’one of the best things you can do to achieve growth is to slow down and spend time studying the trends.” What does this mean?  While rushing into marketing your product you tend to forget certain details, and once it is out in the public its difficult to forget or to undo. Therefore, its very important to research the market and consumer trends before launching anything.

This becomes very important when you consider the potential risk to your business for the infringement of another product, which is confusingly similar to your product. You also do not wish to be guilty of using a similar brand name, slogan or logo as one of your competitors.  Therefore, before you set out your personalised solutions when designing ads and directing messages to consumers ensure you are not infringing on anyone else’s rights as this will likely lead to expensive legal costs for your business.  

Compliance Breeds Confidence

It is important to remember that clients are concerned whether suppliers are properly compliant. Compliance with certification is a strong way to demonstrate that you are managing your business proactively and that the money a customer will spend i.t.o. buying your goods or services, is in safe hands. Conversely a failure in compliance can, as well as exposing you to the risk of regulatory sanctions, severely damage your business’ credibility.

Related: Why HR Legislation Compliance Can Curb Business Failure

For example, in the financial services industry there is an increasing requirement to demonstrate strong security to both external auditors and prospective customers.

With regulation that you feel is of no value, determine how to satisfy the requirements with the minimum effort necessary. Do, however, double check that you are not missing out on a benefit that may be rewarding for your business.

In conclusion, it is important to note when improving your business one always need to act in accordance with the correct laws and procedures. Therefore, if a company is embracing the difficult task of being compliant, I recommend using this as a competitive weapon to improve your business. It just might end up making you and your team better which is usually rewarded with more business.

Continue Reading
Advertisement

SPOTLIGHT

Advertisement

Recent Posts

Follow Us

Entrepreneur-Newsletters
*
We respect your privacy. 
* indicates required.
Advertisement

Trending