Consumer Protection & POPI

When Is A Business Allowed To Process A Data Subject’s Special Personal Information?

When Is A Business Allowed To Process A Data Subject’s Special Personal Information?

by | May 30, 2022

Section 26 of the Protection of Personal Information Act 4 of 2013 (POPIA) states that special personal information relates to a data subject's criminal behaviour, trade union membership, health or sex life, religious or philosophical beliefs, political persuasion or biometric information. Section 26 further states that a responsible party may not process a data subject's special personal information unless one or more of the following exceptions are present as per Section 27 of POPIA: If the...

read more
Imperfection Of A Vehicle Could Lead To The Cancellation Of A Purchase Agreement.

Imperfection Of A Vehicle Could Lead To The Cancellation Of A Purchase Agreement.

by | May 29, 2022

Most dealerships would have the same problem regarding defects on motor vehicles that could lead to the cancellation of a purchase agreement. The question would be whether these defects could be justified as imperfection, causing the defects to render the vehicle less useable and justifying the cancellation of the purchase agreement. The CPA defines “defect” in section 53(1) as follows: any material imperfection in the manufacture of the goods or components, or performance of the services,...

read more
Episode 118: Processing Of Special Personal Information On Vaccination Cards In Terms Of POPIA

Episode 118: Processing Of Special Personal Information On Vaccination Cards In Terms Of POPIA

by | May 11, 2022

SEESA CP & POPI legal advisors Hugo Roux and Rouchelle de Beer discuss the processing of health information related to COVID-19 in terms of the Protection of Personal Information Act, and whether a business may request proof of vaccination from employees, contractors and third parties.  They also discuss what the business may do if a person refuses to provide proof of vaccination. Click on the play button below to listen to our podcast! Should you require additional information...

read more
Can The Information Regulator Extract Damages From The Responsible Party Even If It Is Not Negligent?

Can The Information Regulator Extract Damages From The Responsible Party Even If It Is Not Negligent?

by | May 9, 2022

There are two potential areas of litigation for a data breach under the Protection of Personal Information Act 4 of 2013 (POPIA). The first is that the party liable for the data breach may have to argue its case before the Information Regulator. The second is that the responsible party may face civil action. Section 99(1) of POPIA states that: “A data subject or, at the request of the data subject, the Regulator, may institute a civil action for damages in a court having jurisdiction against a...

read more
Condition 7 for the Lawful Processing of Personal Information and Security Safeguards

Condition 7 for the Lawful Processing of Personal Information and Security Safeguards

by | May 6, 2022

In 2018, the European Union (EU) General Data Protection Regulation (GDPR) came into effect. As the international standard for data protection laws, the GDPR has formed the basis for many data protection laws worldwide, including South Africa’s Protection of Personal Information Act 4 of 2013 (POPI). POPI prescribes eight conditions for lawful processing of personal information, which broadly accord with the principles found in the GDPR. It also sets out the roles of various parties involved...

read more
DYK- Unsolicited Goods Can Be Kept Without Paying For Them

DYK- Unsolicited Goods Can Be Kept Without Paying For Them

by | May 5, 2022

There have been many instances where suppliers leave goods at consumers’ premises and later threaten the consumer that they need to pay for the goods. You can keep the goods without paying for them if you have informed the supplier that the goods: Were left without requiring or arranging for payment;Differ from goods that have been previously supplied;Were delivered after the termination of an agreement regarding the supply of goods;Were delivered at the wrong place or time; orWere never...

read more
Cancellation Due To Misrepresentation Or Deception And Available Remedies

Cancellation Due To Misrepresentation Or Deception And Available Remedies

by | May 3, 2022

There have been many cases where consumers have entered into contracts with suppliers and later realised that a salesperson has misrepresented the product or service. Usually, contracts will provide the steps and procedures that need to be taken when a party to the contract wishes to cancel the contract. The Consumer Protection Act (the “Act”) also makes provisions for cancelling an agreement under certain circumstances. The consumer should not have to suffer undue hardship due to...

read more
DYK- Unsolicited Goods Can Be Kept Without Paying For Them

DYK – The Information Officer Has Responsibility To Conduct POPIA Internal Awareness Session

by | Apr 7, 2022

In terms of regulation 4(e) of the Regulations Relating to the Protection of Personal Information Act, it is the responsibility of the Information Officer to ensure that “internal awareness sessions are conducted regarding the provisions, regulations, code of conduct, or any information obtained from the Information Regulator”. The effect of this clause is that the company and Information Officer must remain up to date with the provisions, codes of conduct and any other information regarding...

read more
Condition 7 for the Lawful Processing of Personal Information and Security Safeguards

Misleading Representations And Debt Collecting

by | Apr 5, 2022

A common scam that has been operating in South Africa for several years has recently come under the spotlight again after the Debt Collectors Council of South Africa stepped in. With many queries from clients who have fallen victim to this scam and its harassment, it is proper to address the issue in a legal context. The scam: The company will contact you and inform you that they are performing a service for their client and would like to confirm your contact details at no cost. They will send...

read more
Can The Information Regulator Extract Damages From The Responsible Party Even If It Is Not Negligent?

How Should My Business Respond To A Data Breach?

by | Apr 4, 2022

Businesses must be aware of the legal requirements when a data breach takes place so that they can be swift in their response, as failure to comply is considered an offence under the Protection of Personal Information Act. The first step is to notify the Information Regulator and the Data Subject/s (should their identity be known) of the breach. The notification must be done as soon as reasonably possible after the discovery unless where, for example, there is a criminal investigation pending....

read more

Recent Posts

    Categories