The Protection of Personal Information Act, Act 4 of 2013 (“POPIA”), provides for the protection of Personal Information of a Data Subject which is processed by all natural and juristic Persons.
The next few issues of De Novo will explore the lawful Processing of Personal Information and the legal requirements for compliance. In this issue we set out the definitions contained in POPIA that will be used throughout the series, giving the reader the terminology needed to understand the remainder of the series in context.
The following terms / phrases will be used in this series:
‘Data Subject’ means the Person to whom Personal Information relates; …
‘Operator’ means a Person who processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party;
‘Person’ means a natural or juristic person;
‘Personal Information’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person, including, but not limited to –
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the Person;
- information relating to the education or the medical, financial, criminal or employment history of the Person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the Person;
- the biometric information of the Person;
- the personal opinions, views or preferences of the Person;
- correspondence sent by the Person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the Person; and
- the name of the Person if it appears with other Personal Information relating to the Person or if the disclosure of the name itself would reveal information about the Person;
‘Processing’ means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including -
- the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
- dissemination by means of transmission, distribution or making available in any other form; or
- merging, linking, as well as Restriction, degradation, erasure or destruction of information; …
‘Record’ means any recorded information –
- regardless of form or medium, including any of the following –
  - writing on any material;
  - information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device and any material subsequently derived from information so produced, recorded or stored;
  - label, marking or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means;
  - book, map, plan, graph or drawing;
  - photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
- in the possession or under the control of a Responsible Party;
- whether or not it was created by a Responsible Party; and
- regardless of when it came into existence; …
‘Responsible Party’ means a public or private body or any other Person which, alone or in conjunction with others, determines the purpose of and means for Processing Personal Information;
‘Restriction’ means to withhold from circulation, use or publication any Personal Information that forms part of a filing system, but not to delete or destroy such information;
Do not miss out on our next issue where we will discuss the conditions applicable for the lawful Processing of Personal Information as contained in Chapter 3 of POPIA, starting with conditions 1 through 3.