Penalties for business owners
Failure by any person to comply with the requirements of the Protection of Personal Information Act (POPI) may result in a fine or imprisonment, or even both.
The prison sentences that can be imposed vary from case to case. In certain circumstances, the responsible person may be incarcerated for up to 12 months, and for more serious offences the maximum prescribed sentence may be up to 10 years.
In addition thereto, the Regulator may also impose an administrative fine for up to R10 million if any party has committed an offence in terms of the POPI Act.
What is an offence?
It is important to understand what constitutes an offence in terms of the POPI Act and to ensure that no employees in your business are contravening the provisions of the POPI Act. Studying the POPI Act in order to gain a clear understanding of this legislation will take a long time – time that many business owners do not have. It may be best to obtain the services of a professional to conduct training sessions to train their managers and employees in POPI legislation in order for them to fully understand the implications of the POPI Act.
Minimising your risk
Another way to minimise your business’s risk of contravening the POPI Act, is to implement policies and guidelines to regulate in what form and manner the employee is allowed to handle personal information of a fellow employee; client; supplier; etc. This will allow your business to act against an employee who acts contrary to his mandate and against the rules set out by the employer.
Implementing the aforesaid will take considerable time. If a business has not yet started with the process, it is important to begin as soon as possible to minimise the risk of the responsible person being fined or imprisoned.
ABOUT THE AUTHOR
Norman Prigge is a SEESA Consumer Protection & POPI Legal Advisor. He obtained his LLB degree from the University of Pretoria in 2009 and was admitted as an Attorney of the High Court in 2010. He started his career at SEESA in 2015.