A lot has been said about this very controversial new act soon to be passed by government. This act (Protection of Personal Information Act) contains certain principles one will have to take to heart and deal with as an employer, mainly in terms of a company’s code of conduct. The sooner employers adopt these principles into day to day conduct the easier it will be to comply with legislation once enacted.
In broad terms these principles are the following:
Any person who stores personal and private information about anyone else may not do so without the direct and well informed consent by the effected person. (The act refers to such a person as a ‘data subject’).
Any ‘data subject’ may request to review any information stored about them at any time and such information may not be withheld. The ‘data subject’ may request for corrections to be made to erroneous information and the data holder will be obliged to make such corrections. Should any dispute arise in such an instance a ‘data ombudsman’ as appointed in terms of the act will be available to act in the interest of the ‘data subject’.
No data may be disclosed to any person without the direct and informed authorization by the ‘data subject’. A breach in this regard will be considered a serious and punishable offence.
No alterations or changes of any nature may be made to the information or data kept on a ‘data subject’ without the direct and informed authorization of the ‘data subject’.
No data may be released to any person resulting in the distinctive identification of a ‘data subject’ for the purposes of research, statistics or any other similar purpose.
Practical impact of these principles:
No personal information about anyone in your organization may be shared or transferred to any outsider without consent by the effected person or for a reason recognized by law.
Employees working with the personal information of employees have to be educated on the principles of the new act and how to deal with requests by any person doing enquiries regarding “data subjects’. The golden rule should be not to disclose any information to any person if you are not convinced it is correct to do so. In such an instance a senior managerial employee should be consulted.
No one should hold on to any information or data regarding any employee if it is not crucial for the operation of the business.
Security measures regarding the protection of employee information will have to be reviewed in order to ensure the safe keeping of information.
Sources: Andrew Levy, Labour Bulletin& Draft Legislation.