The Protection of Personal Information Act 4 of 2013 ("POPI") has been signed into law but is still awaiting commencement on a date to be determined by the President. At this stage, there is no certainty as to when this will be, with speculation that it may still happen towards the end of this year.
Employers have one year from the date of commencement to comply with POPI.
POPI covers the entire employment spectrum from recruitment to retirement, in that it governs the pre-employment screening of job applicants, the processing of personal information of employees during employment and the retention of personal information of employees post-employment.
Practical steps which an employer can take to ensure compliance with POPI include:
- Designate an Information Officer to oversee compliance with POPI;
- Review job application forms to ensure that the forms contain the requisite consent for the pre-employment screening checks to be conducted by the employer or a third party on behalf of the employer. Significantly, the employer remains accountable for ensuring compliance with POPI even though the employer has entrusted a third party to conduct the relevant screening checks;
- Establish adequate safeguards when appointing recruiters to conduct the pre-employment screening checks in order to ensure that they comply with the provisions of POPI on the employer's behalf;
- Consider whether there is a legitimate and justifiable purpose for the collection of certain information of employees;
- Compile a data processing consent form for existing employees which authorizes the processing of their personal information. The employer bears the burden of proving that it has its employees' consent in order to process personal information;
- Amend contracts of employment so that new employees give their employer consent to process their personal information;
- Prepare a Policy which will govern the processing of personal information throughout the employment life cycle.
We recommend that employers begin taking steps towards compliance with POPI now, before they are exposed to the risk of an administrative fine in the event of the commission of an offence or penalty for non-compliance.