Government and POPIA – applicable or not?

“With all the talk of POPIA coming into effect and businesses having to get ready to comply, I was wondering whether government and municipalities also need to comply with POPIA. Surely, government entities have a lot of personal information in their possession that they must protect.”

The Protection of Personal Information Act 4 of 2013 (“POPIA”) has been enacted to give effect to the constitutional right to privacy as enshrined in section 14 of the Constitution of the Republic of South Africa, 1996. POPIA does this by putting measures in place to safeguard personal information when such is processed by a public or private body or any other person which alone or in conjunction with others determines the purpose of and means for processing personal information. Any such body processing personal information is referred to as a ‘responsible party’.

To answer your question. Yes, government must comply with POPIA. POPIA determines that a public body is also deemed to be a responsible party for purposes of POPIA. A public body is any department of state or administration in the national, or provincial sphere of government or any municipality in the local sphere of government, or any functionary or institution when exercising a power of performing a duty in terms of the Constitution or provincial constitution, or exercising a public power or performing a public function in terms of any legislation.

POPIA therefore applies equally to a public or private entity when it comes to the processing of personal information. That said, POPIA does create certain exceptions, and excludes public bodies from the application of POPIA where these bodies process personal information that involves national security, including activities that are aimed at assisting in the identification of the financing of terrorist and related activities, defence or public safety, or the purpose of the information is the prevention, detection, including assistance in the identification of the proceeds of unlawful activities and the combating of money laundering activities, investigation or proof of offences, the prosecution of offenders or the execution of sentences or security measures to the extent that adequate safeguards have been established in legislation for the protection of such personal information. 

However, unless exempted, government will need to comply with POPIA in the same way as any other responsible party.

June 14, 2021
POPIA: protecting health and sex life data privacy

POPIA: protecting health and sex life data privacy

New draft Regulations to the Protection of Personal Information Act 4 of 2013 (“POPIA)” have been circulated for comment and relate to the processing of health and sex life data. Given the sensitive nature of such information, the fear of many data subjects has circled the unconsented sharing or processing of the data as it pertains to health and sex life. In this article, we take a brief look at the proposed new regulations.

Sign up to our newsletter

Pin It on Pinterest