The Protection of Personal Information Act (POPI) has been signed into law, the commencement date to be determined. From the date of commencement, there is a grace period of 12 months before compliance with the Act will be enforced.
In technical terms, this is a “general information protection statute” designed to prevent the negligent disclosure of personal information. This means that an organisation or “responsible party” can only capture, use and store personal information with express consent. This is applicable to personal information of individuals as well as personal information relating to ‘juristic persons’, e.g. companies or organisations.
The purpose of the Act is to:
- safeguard personal information in line with the constitutional right to privacy in line with international standards for data protection;
- regulate the manner in which personal information is processed;
- provide rights and remedies to protect personal Information;
- establish an Information Protection Regulator.
The attached documents from the ISASA Policy Unit provide additional information on protection of information and confidentiality in independent schools.