The Protection of Personal Information Act (POPI) regulates how personal information is managed, stored, updated, used and given to a 3rd party. This act is in line with international regulations.
As a client of Treehouse Talks and due to the web based nature of Treehouse Talks, the POPI act has obligations on both the "Responsible Party" being you, the client, as well as the "Operator" of the personal information, being Treehouse Talks, who processes and stores the information on behalf of the responsible party . The good news is, as the operator, Treehouse Talks complies with the POPI act 100% in that our primary obligation is to take reasonable technical and operational steps to secure our computing environment.
As per our standard terms and conditions we also undertake to never sell or share any information with any other company, user and/or third party unless obliged to do so by law or legal process.
What is 'Personal Information'?
'Personal Information' is defined and includes (but not limited to) -
1. Demographic information about the individual -
- Race / Nationality / Ethnic group / Social origin / colour
- Marital status
- Sexual Orientation
- Physical or mental health / well-being / disability
- Religion / conscience / believes
- Culture / Languages
2. Education, medical, criminal, employment or financial history
3. Identification Number (ID Number)
4. Email address, telephone number, cell phone number,
5. Physical address, location information, online identifier/information
6. Biometric Information
7. Personal opinions, views or preferences
8. Explicitly or implicitly private or confidential correspondence
9. Views of other people about the individual
10. The individual's name if it appears together with other personal information about the individual or if the name would reveal information about the individual.
When can 'Personal Information' be lawfully processed?
The POPI Act specifies eight (8) conditions that must all be complied with for any processing, administration or dissemination to be legally compliant. These eight conditions are listed below -
1. Accountability (of the employer)
2. Processing Limitations (various criteria for legal processing)
3. Purpose Specific (the data must be held for a purpose)
4. Further Processing Limitation (data can only be used for its purpose and not beyond that)
5. Information Quality (the data must be accurate)
6. Openness (individual must be informed, processes must be transparent)
7. Security Safeguards (reasonable steps to keep the information secure must be taken)
8. Data Subject Participation (individual can request / discuss information with employer)