Protection of Personal Information
The purpose of this Act is to ensure all South African businesses conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise the third party’s personal information in any way.
POPI legislation considers your personal information to be ‘precious goods’ and therefore aims to grant you, as the owner of your personal information, certain rights of protection and the ability to exercise control over the following:
- When and how you choose to share your information (with consent).
- The type and extent of information you choose to share (information must be collected for valid reasons).
- Transparency and accountability on how your data will be used (limited to the purpose it was collected for).
- Providing you with access to your own information, as well as the right to have your data removed and/or destroyed should you wish.
- Who has access to your information, i.e. there must be adequate measures and controls in place to track access and prevent unauthorized people, even within the same company, from accessing your information.
- How and where your information is stored (there must be adequate measures and controls in place to safeguard your information to protect it from theft, or being compromised).
- The integrity and continued accuracy of your information, i.e. your information must be captured correctly and once collected, the institution is responsible to maintain it.
It is thus agreed that MedfinSA shall limit disclosure of confidential information within its own organisation to its directors, officers, partners, members, employees and/or independent contractors (collectively referred to as “affiliates”) having a need to now. The recipient and affiliates will not disclose the confidential information obtained from the discloser unless required to do so by law.