Archive for August, 2012

South Africa’s proposed privacy law calls for fines of up to R10-million rand or prison terms of up to 10 years for directors of companies and organisations failing to comply with its provisions. The Protection of Personal Information Bill (PPI), which is in its seventh and final draft, is being circulated in parliament and is expected to be signed into law in the next few months.

The bill has been generally welcomed as a necessary protection of the privacy rights enshrined in the Constitution and will bring South Africa in line with international data protection laws which require the protection of personal information collected and processed by public and private organisations. The bill requires organisations to establish appropriate policies and procedures to protect the various forms of data that are part of their business operations.

Any organisation processing information such as names, addresses, e-mail addresses, ID numbers, employment history, health data associated with an individual; or organisations outsourcing data to third parties, will have to comply with PPI. All organisations have personal information about shareholders, employees, customers and suppliers and this data falls under the provisions of PPI.

The bill is expected to take effect this year, and businesses and organisations will be given a year to comply with the provisions of the bill. It is important to note though that the PPI is not intended to impede economic and social progress and efforts will be made to balance the need to protect personal privacy with the need to develop and build the South African economy and society.

The PPI bill states that personal information will have to be collected directly from the person involved and consent from the individual will be required before the information can be processed. Personal information that will be processed further than the initial purpose of collection must comply with the conditions of the bill. Data can only be collected for a specific, explicit and lawful purpose and the processing of personal data must be compatible with the stated purpose of collection or must be legally compliant. Companies will be responsible for the security and integrity of personal data and security measures have to be put in place if a third party processes information on behalf of the company.

Geospatial technologies have the power to build and transform our society in ever-evolving ways and the reach of these technologies are reliant on data sharing principles that are much discussed within the geospatial sector. While much of the data used, collected, maintained and/or visualised by geospatial specialists does not contain personal information relating to individuals, there certainly is data being used, collected, maintained and/or visualised that does contain personal information. Organisations working with this kind of data need to be aware of the PPI bill and its legal implications for their organisation.

While the proposed bill has implications for all South African organisations, there are implications for the South African geospatial industry that are not readily apparent as yet. Our geospatial industry will need to keep an eye on developments with regard to personal privacy to ensure that there is a balance between the need to protect privacy and the societal benefits that geospatial technologies can bring about.



Read Full Post »

%d bloggers like this: