Wellbi abides by relevant legislation governing all aspects related to the collection, processing and storage of personal information.
The Protection of Personal Information Act, no. 4, promotes1:
the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.
Werkmans Attorneys noted2:
The Protection of Personal Information Act, no. 4 of 2013 is intended to promote the right to privacy entrenched in the Constitution of South Africa, while at the same time protecting the flow of information and advancing the right of access to and protection of information.
POPIA establishes the rights and duties that are designed to safeguard personal data in terms of the ACT, the legitimate needs of organisations to collect and use personal data for business and other purposes are balanced against the right of individuals to have their right of privacy, in the form of their personal details, respected.
The purpose of POPIA, can by summarized as follows4:
- To give effect to the constitutional right to privacy, in particular the safeguarding of personal information;
- To regulate the processing of personal information in harmony with international standards;
- To prescribe minimum requirements for the lawful processing of personal information;
- To provide the rights and remedies for the protection against abuses of personal information; and
- To establish an Information Regulator to promote, enforce and fulfil the rights protected by POPIA.
This Act regulates the following5:
- Collection and procurement of personal information;
- Lawful processing of personal information;
- Retention and restriction of records;
- Security safeguards and compromises;
- Processing of special personal information;
- Processing of personal information of children;
- Establishment of Information Officer and Information Regulator;
- Rights of data subject regarding direct marketing;
- Transborder information flow;
- Information Regulator’s powers and authorities; and
- Fines and penalties.
POPIA applies to6:
- information that is processed automatically;
- information recorded on paper; and
- health records and certain public authority records
Wellbi adheres to this framework in the following way:
- Wellbi is legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
- Physical security;
- Computer and network security;
- Access to personal information;
- Secure communications;
- Security in contracting out activities or functions;
- Retention and disposal of information;
- Acceptable usage of personal information;
- Governance and regulatory issues;
- Monitoring access and usage of private information;
- Investigating and reacting to security incidents.
- Wellbi requires user organisations to ensure that data collection and the procurement of personal information is done with the necessary consent from its beneficiaries (data subjects).
- The Wellbi platforms are accessed with unique usernames and passwords, different levels of access, which is tied to user-specific identifiers. Only users identified as managers will have access to reports, intervention indicators (‘flags’) and intervention notes.
References:
- The Protection of Personal Information Act, no. 4 (Assented to 19 November 2013). Government Gazette, Republic of South Africa.
- https://www.werksmans.com/wp-content/uploads/2018/11/popia.pdf (accessed on 11/01/2021).
- https://www.michalsons.com/focus-areas/privacy-and-data-protection/protection-of-personal-information-act-popia
(accessed on 11/01/2021).
- Protection of Personal Information, Guidelines to the POPI ACT. SEESA(PTY) Ltd, (2020).
- Protection of Personal Information, Guidelines to the POPI ACT. SEESA(PTY) Ltd, (2020).
- https://www.werksmans.com/wp-content/uploads/2018/11/popia.pdf (accessed on 11/01/2021).