Simply put, the Protection of Personal Information Act (POPI) sets conditions for what companies can do with information about their customers.
The bill was passed by the National Assembly on 11 September 2012, with amendments approved on 20 August 2013. It has to be signed by President Jacob Zuma before it becomes law.
How the POPI Bill Can Harm Your Business
Businesses will only have one year from the commencement date to comply or face significant consequences, including a R10 million fine or 10 years in jail. If your business processes personal information, then you must comply with POPI.
What is the Protection of Personal Information Act – POPI?
“The intention of the Protection of Personal Information Act is to bring South Africa in-line with international standards of protection of personal information and will radically change the way in which both government and business deal with individuals’ private information,” says Charles Stretch, MD of SMSPortal.
Related: 7 Legal Pitfalls You Need to Avoid
How POPI Will Affect The Data You Collect
POPI protects personal information by restricting how it can be collected and used by a company, organisation or person, and sets out eight principles:
The responsible party (those who process the personal information) must ensure that all of the Act’s principles and the measures are complied with.
2. Processing limitation:
Processing of information must be done lawfully and in a manner that does not infringe the privacy of the individual. Personal information can only be processed if the processing is adequate, relevant and not excessive, given the purpose for which it is to be used.
3. Purpose specification:
Personal information must only be collected for a specific purpose and the individuals must be aware of this. Records must not be kept for longer than necessary to achieve the purpose for which it was collected.
4. Further processing limitation:
Further processing of the information must be compatible with the purpose of collection.
5. Information quality:
The holder of the data must take reasonable steps to ensure that personal information is complete, accurate, not misleading and updated when necessary. All the while, taking into account the purpose for which the information was initially collected.
Steps are required to ensure that the data subject is aware of the personal information being collected and the purpose of collection.
7. Security safeguards:
The responsible party must secure the personal information under their possession/control. Should a security breach occur, the responsible party must notify the subject whose information is compromised.
8. Data subject participation:
The data subject can request whether an organisation holds their private information, and what information is held. They may also request the correction or deletion of information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
POPI Will Make it Essential for Prospects and Customers to Agree to Receive Your Communication
Stretch points out, “Specifically relating to the running of SMS marketing campaigns, direct marketers cannot use personal information for direct marketing unless they have the consumer’s permission. In the case of a direct marketing organisation, they must have ‘opted in’.”
The consumer can “opt-in” in one of two ways:
1. Firstly, the consumer can give his or her explicit consent to receive direct marketing.
- This would ideally be obtained when the information is collected, but a direct marketer can also approach the consumer for consent later. If it does this, it can only approach the consumer once for consent.
- A direct marketer must get a consumer’s contact details in the first place to approach the consumer for consent. Unless these contact details were in the public domain, such as a telephone directory, merely obtaining the contact details could be an infringement of POPI.
- For example, if a direct marketer received a list of individuals and their contact details from a company that collects and sells marketing information, the data vendor would itself have infringed POPI by passing the list on to the direct marketer, even if the direct marketer never actually uses any of the information contained in the list. Unless the individual specifically consented to their information being passed on.
2. Secondly, if the consumer is a customer of the direct marketer (and not of anyone else) then the direct marketer can use their information for direct marketing ONLY if:
- The data was obtained in the context of the sale of a product or service, and
- The direct marketing will be in respect of the marketer’s OWN similar goods/services, and
- The consumer has been given a reasonable opportunity to object to receipt of direct marketing both when the data was first collected and on each occasion when direct marketing is made to the consumer.
POPI infringement: The Consequences Will be Harsh
POPI makes provision for enforcement notices to be served on those infringing the data protection principles or the direct marketing provisions of POPI. Failure to comply with an enforcement notice is an offence, and on conviction may lead to a fine, up to 10 years in prison, or both.
Perhaps more seriously, says Stretch, if a data subject suffers any loss as a result of an infringement, the responsible person will be strictly liable for this loss. In other words, it does not matter if the responsible person was negligent, or acted intentionally in infringing POPI – if the infringement caused loss to the consumer, the responsible person is liable.
Further Reading on POPI
Read up on the Protection of Personal Information Act (POPI) sets conditions for what companies can do with information about their customers.
An Introduction To COID Registration And The Letter Of Good Standing
Company Partners is a leading COID Registration Service Provider in South Africa. They also assist Companies to obtain a Letter of Good Standing from COIDA.
What is COIDA?
The Compensation for Occupational Injuries and Diseases Act (Act 130 of 1993) replaced the “Workmen’s Compensation Act” (Act No. 30 of 1941), and was amended in 1997.
The Compensation Fund provides compensation for occupational injuries or diseases sustained or contracted by employees in the course and scope of their employment, or their dependents for death resulting from such injuries or disease, and to pay reasonable medical expenses incurred.
Who must register with COID?
According to prescription, anyone who employs one or more part- or full time workers must register with the Compensation Fund and pay annual assessment fees. The Compensation Fund is a trust fund that is controlled by the Compensation Commissioner and employer contributes to the Compensation Fund. The Commissioner is appointed to administer the Fund and approve claims lodge by employees or their dependants.
An employer must register with COID within seven days after the day on which he employs his first employee. An employer must register with the Commissioner by submitting Form W.As.2 with the particulars required therein to the Commissioner.
During COID registration copies of the following documentation should be included:
- the registration certificate from the Register of Companies if they are a company or closed corporation;
- or their ID document, if they are sole owners of the business.
What are assessment fees?
The annual assessment fee is of an employer is based on their employee’s earnings and the risks associated with the type of work or profession. Before 31 March each year, all employers (including contractors) must submit a statement (return) of earnings reflecting amount paid to all their workers from the beginning of March to the end of February.
Assessment tariffs, reviewed annually, are based on the risks related to a particular type of work.
Payment of assessments
- Employers must pay within 30 days of receiving the notice of assessment;
- Employers must apply in writing to settle assessments in installments (not exceeding 12 months);
- 20% of the outstanding balance due is required upfront before instalment arrangements can be applied for;
- Should the instalment fall overdue, the full amount becomes due and payable immediately.
Failure to comply may result in:
- Penalty can be imposed for late submission of ROE (Sect 83(2) – 10%);
- Estimations will be done if no returns (ROE) are submitted (Sect 83(6)(a);
- Penalty on non-payment of assessments (Sect 87(1) – 10%);
- Interest on late payment of assessment (prevailing prime rate);
- Penalty for late reporting of accidents
- A penalty is imposed where an employee meets an accident / death and employer is not registered with the Compensation Fund (not exceeding full compensation payable to the employee (Sect 87(2)(a))
- An employer who fails to comply with a provision of this section shall be guilty of an offence – Sect 81(3)
Contractors and sub-contractors:
- Contractors and sub-contractors must register with the Compensation Fund and pay assessments;
- Failure to comply with the COID Act by the sub-contractor will make the mandatory or main contractor to be responsible for any claims from the sub-contractor’s employees (thus the need for a letter of good standing);
- The contractor may recover any such payments directly from the sub-contractor.
Letter of Good Standing:
The Letter of Good Standing is a certificate issued by the Compensation Fund to verify that a business actually exists, has paid all its statutory dues, has met all filing requirements and, therefore, is authorised to operate.
Conditions when applying for a letter of good standing:
- Employer must be registered with the Fund as per section 80 of the COID Act,
- Employer must have submitted all returns of earnings as per section 82 0f the COID Act,
- Employer must be fully assessed as per section 83 of the COID Act,
- Employer must have paid/ settled all outstanding debt as per section 86 of the COID Act.
- Employers that have entered into an instalment arrangement will only be issued with a letter of good standing on a month‐to‐month basis.
Related: Register A Company In South Africa
What happens if an employee is injured?
The amount of compensation paid to you, depends on how much you were earning when you got injured or diagnosed. If you’ve stopped working by the time a disease is diagnosed, the compensation will be worked out according to what you would’ve been earning.
Types of compensation:
Medical costs: All your medical expenses will be paid for up to 2 years, from the date of the accident or the diagnosis of the disease. You are free to choose a medical service provider you want to consult with. All medical accounts and reports should be submitted to the Commissioner.
Temporary disability: When you’re unable to work or can’t do all your work because of an injury or disease.
All medical expenses are also paid if the medical accounts are submitted to the Commissioner.
You can claim compensation for temporary disability for 1 year. This can be extended to 2 years, after which the Commissioner may decide that the condition is permanent and grant compensation on the basis of permanent disability.
Permanent disability: A permanent disability is an injury or illness that you will never recover from. The seriousness of the disability will determine whether you’ll never be able to work again or whether you’ll find work more difficult. If the disability is more than 30% disability, you will get paid a monthly pension. The size of the pension depends on what your wages were and on the seriousness of the disability. If the disability is 30% or less, you’ll get paid a lump sum. The lump sum payment is a once-off payment.
Death benefits: Burial expenses will be paid and the spouse of the deceased and children under the age of 18 (including illegitimate, adopted and step-children) are entitled to compensation. If a family member that earns money to support the family (breadwinner) is killed by an occupational injury or disease, dependants can claim from the fund.
Established in 2006, Company Partners guarantees that the services they offer meet the standards of the best in the industry. Over 30 full-time Consultants offer services and standards of the highest quality.
How To Stay On The Right Side Of The Law With A Marijuana Business
The verdict is in: It’s not (yet) legal to commercially grow cannabis, but there are multiple business opportunities for home growers that are on the right side of the law.
“The use, possession and cultivation of cannabis outside of a private space, or by, or around, under-age persons, still remains illegal,” says Paul-Michael Keichel, Partner at Schindlers Attorneys. “The caveat to this appears, however, to be that you may carry concealed cannabis in public, if the intention is to only consume it in a private space, away from under-age or non-consenting individuals.”
“What we are seeing is that most of our clients’ focus has been on the cultivation and commercialisation of cannabis itself. What is seemingly being overlooked are the secondary industries that will emerge or benefit from the legalisation of cannabis,” explains Maurice Crespi, Partner at Schindlers Attorneys.
“Take our M&R (medical and recreational) Cannabis Department as an example. Whilst not planned, it has emerged as a key department at Schindlers Attorneys. If cannabis legalisation presents an opportunity for attorneys, it begs the question as to what industry would not be presented with some form of opportunity as a result of its legalisation.
“Transport, courier services, injection moulding, advertising, fashion, accountants, medical, textiles and so on, are now all in a position to exploit the legalisation of cannabis to their benefit. I’m yet to think of an industry that will not be in a position to benefit from the legalisation of cannabis. Even Coca-Cola has found a way,” says Maurice.
Grey areas yet to be resolved
“The question that has been left open, of course, is how and where does one get the cannabis seeds to grow the plants that one is now permitted to cultivate at home, or in private? Must these be shared, or can they be sourced or sold commercially?” says Paul-Michael.
“Until this answer is clear (we’re researching presently), it’s better to err on the side of caution. However, now that the major part of the fight is lost for them, I would be very surprised if Parliament doesn’t start appreciating the massive potential for increased tax revenue that would flow from a formalised and regulated cannabis industry.
“It serves almost everyone’s interests for them to entertain this option, especially because studies show that full legalisation decreases associated harms more than decriminalisation. Consider quality control, de-stigmatisation, elimination of the black market, beneficiation, and the list goes on,” explains Paul-Michael.
“That stated, SAHPRA (www.sahpra.org.za) is entertaining licence applications by growers and distributors for medicinal use of cannabis. The requirements are very tight but, for those able to comply and get licences, the commercial opportunity is almost unquantifiable,” says Paul-Michael.
Innovative Business Solutions And Compliance
Compliance with certification is a strong way to demonstrate that you are managing your business proactively.
As a business owner, you are probably aware of where your business could improve. Sometimes a business owner would like to improve their business but is not sure how to begin. Therefore, it is of the utmost importance to develop an environment which will foster innovation and create key steps to improve your business while simultaneously trying to comply with all of the necessary legalities.
It is important for an entrepreneur to assess their situation first. Most business owners will ask the question why? Why can’t everyone will follow the same steps to success. Every business is different and unique, therefore, before you start making changes within your business, it is a good idea to make sure you have a full understanding of the factors affecting your business success and whether you are complying with necessary legalities.
Compliance may actually improve performance by giving your business a competitive edge. Legal compliance can assist you with improving your customer relations, enhancing your reputation and most importantly avoiding the cost of legal proceedings.
There’s this saying, ‘What gets measured gets improved’ explains Charles Gaudet, founder and CEO of Predictable Profits, a consulting firm that offers advanced marketing techniques to entrepreneurs who are passionate about expanding their small businesses.
Related: Compliance For Entrepreneurs
Here are a few strategies that you can use to make your business more profitable in the future.
Innovative Marketing solutions
For every business owner, marketing is an important tool to improve their businesses. You may think that you are missing an opportunity if you don’t jump right attracting customers with some type of marketing message.
However, as quoted by John Rampton ‘’one of the best things you can do to achieve growth is to slow down and spend time studying the trends.” What does this mean? While rushing into marketing your product you tend to forget certain details, and once it is out in the public its difficult to forget or to undo. Therefore, its very important to research the market and consumer trends before launching anything.
This becomes very important when you consider the potential risk to your business for the infringement of another product, which is confusingly similar to your product. You also do not wish to be guilty of using a similar brand name, slogan or logo as one of your competitors. Therefore, before you set out your personalised solutions when designing ads and directing messages to consumers ensure you are not infringing on anyone else’s rights as this will likely lead to expensive legal costs for your business.
Compliance Breeds Confidence
It is important to remember that clients are concerned whether suppliers are properly compliant. Compliance with certification is a strong way to demonstrate that you are managing your business proactively and that the money a customer will spend i.t.o. buying your goods or services, is in safe hands. Conversely a failure in compliance can, as well as exposing you to the risk of regulatory sanctions, severely damage your business’ credibility.
For example, in the financial services industry there is an increasing requirement to demonstrate strong security to both external auditors and prospective customers.
With regulation that you feel is of no value, determine how to satisfy the requirements with the minimum effort necessary. Do, however, double check that you are not missing out on a benefit that may be rewarding for your business.
In conclusion, it is important to note when improving your business one always need to act in accordance with the correct laws and procedures. Therefore, if a company is embracing the difficult task of being compliant, I recommend using this as a competitive weapon to improve your business. It just might end up making you and your team better which is usually rewarded with more business.