The pencil test here refers to the OTHER test (I get sniggers every time I mention the pencil test - I think I know why, I can't be sure that I would pass the former test)
What is POPI: The Protection of Personal Information (POPI) Act explained
In simple terms, the purpose of the PoPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity's personal information by holding them accountable should they abuse or compromise your personal information in any way. The PoPI legislation basically considers your personal information to be "precious goods" and therefore aims to bestow upon you, as the owner of your personal information, certain rights of protection and the ability to exercise control over:
- when and how you choose to share your information (requires your consent)
- the type and extent of information you choose to share (must be collected for valid reasons)
- transparency and accountability on how your data will be used (limited to the purpose) and notification if/when the data is compromised
- providing you with access to your own information as well as the right to have your data removed and/or destroyed should you so wish
- who has access to your information, i.e. there must be adequate measures and controls in place to track access and prevent unauthorised people, even within the same company, from accessing your information
- how and where your information is stored (there must be adequate measures and controls in place to safeguard your information to protect it from theft, or being compromised)
- the integrity and continued accuracy of your information (i.e. your information must be captured correctly and once collected, the institution is responsible to maintain it)
Examples of "personal information" for an individual could include:
-
Identity and/or passport number
-
Date of birth and age
-
Phone number/s (including mobile phone number)
-
Email address/es
-
Online/Instant messaging identifiers
-
Physical address
-
Gender, Race and Ethnic origin
-
Photos, voice recordings, video footage (also CCTV), biometric data
-
Marital/Relationship status and Family relations
-
Criminal record
-
Private correspondence
-
Religious or philosophical beliefs including personal and political opinions
-
Employment history and salary information
-
Financial information
-
Education information
-
Physical and mental health information including medical history, blood type, details on your sex life
-
Membership to organisations/unions
From here
This act doesn't bother SANAS at all. Oh no, in order to ensure that correct levels of transformation are empirically verified they want certified ID books, payslips and employment contracts and interviews etc - some cat at SANAS apparently wants the ID books in colour too.
The issue here is that this is a violation of an employee's rights, rights that are protected under POPI. Do employees know and actively give their consent to have their personal information shared with a third party. Do those employees who declare that they have a disability expecting that their confidence will not be broken, know that this trust is not honoured? What would that person think when they are interviewed by a third party about this disability?
An issue has now arisen where one of my clients has made a large donation to a school under SED (which I am now going to re-appropriate for skills). The head told me that she cannot send out ID books to some third party. The verification agency is now going to have to go to that school to check the documents. They will not be allowed to take copies with them. This will have to go into the file along with a copy of POPI.
I think that we need to rethink the verification process. It needs to be harmonised with a number of Acts that it flagrantly disregards.
Comments