Personal information should not be kept for longer than necessary in relation to the purpose for which it was collected or processed, according to Section 14 of the Protection of Personal Information Act.
What does this practically mean?
Personal information should be kept for as long as the record or retention thereof is:
- required by law;
- required for a lawful purpose related to a function or activity;
- instructed by a contract between 2 parties;
- consented to by the person to whom the information relates;
- used for historical, statistical or research purposes.
Personal information is defined in the Protection of Personal Information Act and includes information relating to an identifiable, living, natural person, and where it applies, an identifiable, existing juristic person; further including certain information specified in this section.
Once the personal information is no longer required, all sources thereof should be deleted, with hard-copy documentation preferably being cross-shredded, to ensure third parties cannot ascertain the data contained therein.
To find out how SEESA can help your business visit our website at
#TeamSEESA
References: