While some of the initial dust has settled after 1 July 2021 which was the compliance deadline date for the implementation of Protection of Personal information within an organisation, it is not time to become complacent with just drawing up the relevant policies and procedures. Companies must not only ensure that they have implemented the relevant technological safeguards, identified and appointed the relevant people responsible for the safeguarding the processing of personal information but that they have taken steps to bring the appropriate level of awareness to all employees within the organisation. Depending on their position within your company and their associated responsibilities, it may be sufficient to provide employees with training as to what personal information is, and why it needs to be a safeguarded, including a short lesson on the advent of the intent and social media along with a discussion around cybercrimes and how to both spot them and avoid them in their personal lives. However that is not where the buck stops with all your employees and company’s must take additional steps for employees at middle, senior management and sales staff, for employees whose job function it is to deal with personal information (be it for an external or internal individual) and anyone employee who has access to email and the internet.
The purpose of the POPI Act, as defined by the Act itself, is to protect personal information, to strike a balance between the right to privacy and the need for the free flow of, and access to information, and to regulate how personal information is processed.
The Act applies to any individual without bias and to those who are in the possession of any personal information belonging to another, unless those records are subject to other legislation which protects such information more strictly. The Act sets the minimum standard regarding personal information as well as regulating the “processing” of personal information. By “processing” the Act refers to the collecting, receiving, recording, organising, retrieving, or use of any such information; and the distribution or sharing of any such information.
Audio Recordings in the Workplace
Examining what the law says about audio recording of meetings, conversations etc.
With ever changing and advancing technological developments that have been made readily available to the public, employers are increasingly confronted with secret audio recordings being submitted as evidence. Technology has made it easy to capture audio recordings with small and easily concealable devices, an iPod or smartphone can record lengthy discussions without detection.
This trend of behaviour can be expected given South Africa’s current socio-economic climate, which has heightened the importance of job security for many South Africans. Employers, it would seem, aren’t catching onto this trend and would not ordinarily record their employee meetings or disciplinary proceedings.
Protection of Personal information Act having been promulgated in November 2013, various questions have been raised by employers regarding their rights to question or obtain information from employees. One of the questions regularly dealt with, is whether the employer is entitled to question employees about medical conditions listed on medical certificates when they have been booked off work. The question may arise where, for example, an employer is concerned that a medical condition may be hazardous to other employees if they are exposed to the affected employee.