POPIA: The Protection of Personal Information Act
Last updated
Last updated
Underpinning the beneficiary administration process is the collection and processing of personal information pertaining to subsidy beneficiaries and occupants of subsidy properties. This must adhere to the Protection of Personal Information Act (POPIA)
The eight principles of POPIA are summarised below
Beneficiaries and occupants about whom information is collated or who provide personal information are referred to as data subjects.
Provisions of POPIA allow for the collection of information where the collection of this data "is necessary for the proper performance of a public law duty by a public body".
The consent of the data subject is therefore not required. However, all data subjects should be made aware of the data that is collected and processed, how it is used, their rights to inspect the data and to amend any errors
In addition, this information must be handled and processed with due care in line with other provisions of POPIA.
All data must be saved in a secure, password protected environment. Ideally this should be centralised so that the chances of a data breach are minimised
All team members who work with beneficiary data should be made aware of the importance of protecting this information
There should also be a clear protocol with respect to a data breach
Given that data is often processed by third parties, including field work companies, data analysts and conveyancers, who assist in the beneficiary administration process, it is critical that they are made aware of the importance of safeguarding this information and have appropriate measures in place internally to secure the data they collect or process. Third parties who process personal information should sign a third party agreement to warrant that they will abide by POPIA and other applicable laws. Specific undertakings in this agreement include use the data to fulfil the terms of the contract only, a commitment that the third party has taken all reasonable steps to secure the data and prevent unauthorised access to the data
A sample third party agreement is provided:
Key definitions from POPIA are provided below
