
Whilst it’s a bit of a bitter pill for a lawyer to swallow, no one wants to sit and make sure that they’re dotting every “I” and crossing every “T” from a legal perspective. We get it though, law is complex, verbose, and according to many (even most lawyers) boring as sin. It is, however, a necessary and inescapable reality for everyone, but especially legal entities like companies, close corporations, trusts, etc. Why? Because the consequences of non-compliance with the law can be dire, and trying to clean up the proverbial milk once it has already been spilled might be too little, too late.
In this blog post, I will discuss non-compliance with two separate pieces of legislation, the Protection of Personal Information Act 4 of 2013, as amended (“POPI”), and the Promotion of Access to Information Act 2 of 2000, as amended (“PAIA”). Please be aware that these are naturally not the only pieces of legislation that give rise to legal obligations. These are only a few examples to illustrate what might happen if you don’t ensure that you comply with regulations and legislation that applies to you. If you’re unsure as to whether you are in a regulated industry or not, get in touch with one of our lawyers and we can assist you in figuring it out.
The Protection of Personal Information Act 4 of 2013
Non-compliance with POPI can have many unfavourable consequences. What constitutes compliance in terms of POPI is beyond the scope of this blog post, but we are available should you need to discuss this in greater detail.
Chapter 10 of POPI deals with “Enforcement”, while chapter 11 deals with “Offences, penalties, and administrative fines.”
Chapter 10 provides mechanisms by which data subjects (being “the person to whom personal information relates”) may submit complaints to the Information Regulator based on their experiences with the parties responsible for processing their personal information, and the procedures by which those complaints are adjudicated on by the Information Regulator. After a proper and formal investigative process, a complaint may lead to an “enforcement notice”, which will require the person against whom the complaint was issued (subject to the findings of the investigator) (“the Respondent”) to take specified steps within a specified period, or refrain from taking such steps, or alternatively to stop processing personal information specified in the notice, or to stop processing it in a certain manner. The enforcement notice will also contain a statement indicating the nature of the interference with the protection of the personal information of the data subject and the reasons for reaching that conclusion, and the particulars of the rights of appeal that the Respondent has. Lastly, chapter 10 deals with the civil remedies that a data subject may institute in court against the Respondent.
Chapter 11 lists certain offences, penalties, and administrative fines that may be levied against the Respondent. Most important for the purposes of this blog post is section 107, which provides for the liability of a person who is convicted of an offence in terms of POPI to a fine, a period of imprisonment, or to both a fine and such imprisonment. Especially relevant is the fact that administrative fines may not exceed an amount of R10 million, which is an amount of money that few businesses can realistically afford to pay.
The Promotion of Access to Information Act 2 of 2000
In terms of section 51 of PAIA, it is a legal requirement for each private body to have a regularly updated manual which acts as a guide for someone seeking to request access to a record (document) of the private body. There are also extremely specific guidelines relating to the situation that arises where a third-party requests access to the records of a private body. These include inter alia the manner by which that the information must be requested by the third-party, and the grounds on which the private body may refuse to provide access to such information.
Here again, PAIA provides for offences that are committed in circumstances where a person destroys, damages, alters, conceals, or falsifies a record “with the intent to deny a right of access” in terms of PAIA. Crucially, the head of a private body who wilfully or negligently fails to comply with the provisions of PAIA relating to the release of a manual as mentioned above commits an offence and is liable on conviction to a fine, or to imprisonment for a period not exceeding two years.
Conclusion
Non-compliance with your legal obligations may easily be dismissed as unimportant, because how often do you hear of people getting into trouble for this stuff? Unfortunately, it happens extremely often, and (as seen above) the consequences can impact not only on your business’ bottom line, but also in certain circumstances, your personal freedom. So, the bottom line here is that while compliance may be difficult, boring, and costly, it is absolutely the lesser of two evils. The cost is a drop in the ocean in comparison with the potential non-compliance fines, and I’m sure most of those reading would prefer not to spend any time in jail.
Set up a consultation with a Legalese lawyer if you are unsure as to whether you are appropriately compliant with legislation and regulations that are relevant to you, and we can assist you through the process of becoming compliant in a manner that won’t cost you an arm and a leg. Our unique approach also makes the process a lot simpler and more palatable.
– Kyle Freitag