In 2020, Everlytic and Elizabeth from Novation Consulting hosted a POPIA Webinar Series to unpack the legalities of the POPIA legislation that will be enforceable in South Africa from 1 July 2021. In this POPIA Q&A blog series, we share some of the questions we received during the three webinars and the answers Elizabeth provided. This blog covers the questions we received on data collection, privacy, and storage.

POPIA Q&A: Data Collection, Privacy & Storage | Data Collection | Man on Laptop

Data Collection Q&A:

This is a problem as it discloses everyone’s details – this is a data breach. You’ll need to create a WhatsApp group that doesn’t expose everyone’s data.

WhatsApp is fine if you’re not displaying everyone’s phone numbers to the group – there are settings for this.

Photographs, however, are private information. The question you have to ask yourself when deciding if you can share these is: did the people in these photos have an expectation of privacy or is it expected that someone would be taking photos at the event?

Overseas Regulators are calling for a common-sense approach. So, if you’re at a public event and there are photographers, an attendee can probably assume that their picture will be taken. Our Regulator is yet to clear this up, but the European regulations may be a good indicator of what’s to come in South Africa.

You can and must keep information for as long as the purpose remains valid. So, start thinking about how long you may need this information.

In marketing, some people request that their information be deleted from your database. The problem with this is that if you delete the information, you run the risk of contacting them again if their information finds its way onto your list again. You will have to keep at least the email address or mobile number to ensure that you know who not to contact.

According to POPIA, you can keep information for as long as the reason for keeping it is valid. If there’s a transaction involved, you’ll need to keep the information for a while for tax reasons.

If you want to keep it for convenience, ask the client. Offer them the option for you to keep the information for their convenience next time they want to use your services, so they don’t have to fill in the information again. Then ensure you keep the information secure.

In general, there’s no regulation that prevents you from obtaining this info, particularly if you’re obtaining it from the person directly and the sharing of this info is voluntary. However, it must only be collected if it’s necessary and for a valuable purpose.

If you go this route, indicate to the client that this is voluntary, what the effect would be if they don’t give it to you, and that they can opt out at any time.