Business Law (POPI Act) Flashcards
(13 cards)
What is the meaning of personal information?
Information in relation to a living human being that is applicable and identifiable. It also includes juristic persons.
Examples of personal information include contact details, age, sex, email accounts, financial history, criminal records, employment history, medical records, and pregnancy status.
Who is the data subject in the context of the POPI Act?
A person whose personal information is being used, stored, or processed.
Refer to Section 11 of the POPI Act.
What is the role of the operator under the POPI Act?
The party that processes the personal information or data of the data subject.
Refer to Section 20 of the POPI Act.
Define the responsible party in the POPI Act.
The parties who determine why, how, and when personal information of the data subject is being used, processed, or stored.
This is discussed in the POPI Act.
What are the restrictions on information under the POPI Act?
The information must be relevant to the business, security measures are required, and there must be an expiry date on information.
Refer to Section 21 of the POPI Act.
What must data be available to, according to Section 23 of the POPI Act?
The customer.
This ensures transparency in data handling.
How can risks be limited in a technology-driven world?
Be vigilant about sharing information, wary of applications on mobile devices, and mindful of what you connect to in terms of networks.
It is important to assess why you are being asked to provide information.
What does Section 13 of the POPI Act state about the collection of personal information?
Personal information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity of a responsible party.
Steps must be taken to ensure that the data subject is aware of the purpose of the information collection.
What civil remedies does Section 99(1) provide in the POPI Act?
A data subject or the Regulator may institute a civil action for damages against a responsible party for breach of any provision of the Act.
This applies whether there is intent or negligence on the part of the responsible person.
What are the maximum penalties for non-compliance with the POPI Act?
Fines up to 10 million or imprisonment for a period not exceeding 10 years, or both.
This emphasizes the seriousness of data protection laws.
What can companies do to ensure compliance with the POPI Act?
Offer training to employees, appoint a Data Protection Officer (DPO), and employ an IT specialist to install safeguards.
These measures help protect the company from outside threats.
What does Section 101 of the POPI Act state about breach of confidentiality?
Any person who contravenes the provisions is guilty of an offence.
This highlights the legal repercussions of violating confidentiality provisions.
What are the implications of non-compliance with the POPI Act?
Financial implications include costly legal action, legal implications involve prosecution for breaches, and reputational damage.
Organizations must consider these factors to maintain trust and integrity.