The New Protection Of Personal Information Act (POPI)
– PART 4 –
Principle #2 – Processing Limitation: Part 2
Personal Information (‘PI’) must at all times be collected directly from the Data Subject (‘DS’) except in following cases:
- If it is contained in a public record: ‘accessible in public domain and under control of public body’ i.e. department of state …provincial … or any municipality’
- If it has been made public by DS – clearly the present use of social media by many, many people creates a bit of a conundrum as unwittingly such users are waiving this obligation/right pertaining to information and often photos placed on Facebook, Twitter, etc;
- DS has consented to it being collected from another source – given the focus of POPI it is suggested that such consent should be informed and explicit;
- If the collection from another source ‘will not prejudice the legitimate interests of the DS’;
- It is in order to enforce a law, collection in terms of SARS Act, a court order or in ‘interests of national security’ – one fears that certain institutions and government, given the hullabaloo around the recent secrecy act (Protection of State Information Act), could infringe or threaten the rights of the general public;
- If compliance would ‘prejudice a lawful purpose of the collection’;
- If compliance is ‘not reasonably practicable in the circumstances’ – this exception may well also be open to abuse and one feels that there should be a heavy burden/onus on the party relying on this exception to prove the justification.
Disclaimer: This article is intended to provide a brief overview of legal matters pertaining to the travel and tourism industry and is not intended as legal advice. © Adv Louis Nel, BENCHMARK, August 2013.
