Latest News Archive

Please select Category, Year, and then Month to display items
Categories
UFS News Media Release Research
Years
2017 2018 2019 2020 2021 2022 2023 2024
Months
January February March April May June July August September October November December
Previous Archive
01 July 2020 | Story Francois Quintin Cilliers | Photo Supplied
Francois Quintin Cilliers.
With the remainder of the Protection of Personal Information Act 4 of 2013 (POPIA) coming into effect on 1 July, South Africans are finally getting some much-needed protection when it comes to the selling and unauthorised use of their personal information. The purpose of the Act is to protect people from harm by protecting their personal data, protecting their privacy, and to stop their money and identity from being stolen. 

The commencement of the provisions of the Act will affect all South African citizens and must be taken seriously. The Act provides protection to individuals whose personal information is gathered and used in any manner, which essentially includes the vast majority of South African citizens and companies, especially those dealing with the processing and use of personal information, such as banks, medical aids, telecommunication companies, internet service providers, etc.

The objective of the POPIA
POPIA was promulgated in November 2013 after an investigation into privacy and data protection by the South African Law Reform Commission. The objective of the Act is to give effect to the right to privacy, as provided for in section 14 of the Constitution of 1996, and aims to regulate the processing and use of personal information by private and public bodies in line with international standards. 

Initially, only certain sections dealing with administrative matters (such as definitions, the establishment of the Information Regulator and the procedure for making regulations, etc.) came into operation in 2014. The commencement date of the remainder of the Act was scheduled for 1 July 2020, and public and private bodies are provided one year from this date to ensure that their practices comply with the provisions of the Act.

Compliance with the Act is extremely important. Less serious offences, such as obstructing an official in the execution of their duties, could lead to a fine or imprisonment of up to 12 months or both. More serious offences could lead to a fine of up to R10 million, or 10 years’ imprisonment, or a combination of both.  

Personal Information 
‘Personal information’ is defined as information that relates to an identifiable, living, natural person and an identifiable existing legal entity. The Act lists eight specific types of information included in this definition, ranging from your name to your biometric information to your personal opinions. Just as a clarification, though, any information shared on social media is regarded as a publication and will generally not enjoy protection. 

The Act also provides for ‘special personal information’, which can only be processed with the prior consent of the data subject if necessary by law, if it has already been made public by the data subject or if it is done for historical, statistical or research purposes. Section 34 prohibits the processing of the personal information of a child, unless it is required by law, collected with the consent of a competent person (a parent or legal guardian), if it is in the public interest or used for statistical, historic or research purposes without adversely affecting the privacy of the child.

The Act clarifies the rights of the ‘data subject’, which is the being to whom the personal information relates. In this regard, we are afforded the following rights: to have access to personal information that is kept or used by any private or public body; to be informed if someone is collecting or has accessed our personal information; to have any incorrect or obsolete information corrected or destroyed; and to object to any unauthorised use (or ‘processing’) of personal information. The ‘responsible party’ or ‘data controller’ is the public or private body that essentially processes personal information. This includes employers who process the personal information of their employees and clients.

The ‘processing’ of personal information is any operation or activity, whether automated or not, pertaining to the collection, receipt, storage, modification, sharing or destruction of personal information. This may only occur with the consent of the data subject, if required by law, if it protects the legitimate interests of the data subject, or if it is necessary for performance in terms of a contract to which the data subject is a party.

Who is collecting information and why
Section 18 prescribes that the following should be shared with the data subject once any personal information is collected: the source from which the information is being collected, the name and address of the party collecting the information, the purpose of the collection, whether the collection occurs in accordance with any law, who will receive the information, the security measures used to ensure the confidentiality and correctness of the information, that the subject has the right to access and rectify any part of the information gathered, and objection to the processing. Any complaints in this regard may be lodged to the Information Regulator, an independent party who oversees the Act and answers to the National Assembly, and whose contact information must also be shared with the data subject.

The Act determines that the information may only be collected directly from the data subject, unless it is contained in a public record, it is required for a public purpose or to protect the interests of the data subject, it is not reasonably possible to obtain it from the data subject, or does not prejudice the subject if obtained from another source. 

The data controller must comply with prescribed duties, which includes: ensuring that all conditions for lawful processing are met (including obtaining the prescribed consent and ensuring confidentiality); collecting information directly from the data subject; informing the subject about the purpose of the processing; providing the subject with access to the information; keeping the information up to date; correcting the information; deleting incorrect or obsolete records; and complying with any information notice or enforcement order served by the Information Regulator.

No marketing 
It should also be noted that the Act prohibits all forms of direct marketing unless a data subject has given their consent. A data subject may only be approached once for consent and must at all times be afforded the right to ‘opt out’ of any future communications.

It is important to note that the provisions of the Act will not apply to the processing of personal information that is collected in the course of a purely personal or household activity, such as keeping a directory of the addresses and phone numbers of friends and family. It will also not apply to the collection of information for the purpose of national security, for the prevention of unlawful activities, if it is collected by the Cabinet, the Executive Council of a province, or by the courts when exercising its judicial function. 

The processing of information as a matter of ‘public interest’ will also be excluded. This is generally where information is processed for journalistic, artistic, or literary purposes. Ethical consideration will apply in these instances, and there will be a weighing of the data subject’s right to privacy versus the data controller’s freedom of expression. As a general rule of thumb, one should always remember that there is an important distinction to be made between ‘public interest’ and what is interesting to the public – the latter will not be exempted from the provisions of the Act. 

Take care
In summary, a data controller must carefully collect and process the personal information of their clients, employees, and any other party whose information they are processing, in line with the provisions of the Act as summarised above. Consideration should be given to the appointment of an information officer, otherwise the head of the private or public body will be regarded as such. This individual will register with the Information Regulator and ensure that the provisions of the Act are met within the organisation. South African citizens must be aware of the rights provided by the Act and must be mindful of the transactions they enter into – whether in person, automated, or online. Care must be taken when ‘posting’ information on social media, as this will be viewed as publications and consequently enjoy no protection under this Act.

The Act is available online and it is suggested that if anyone wishes to get clarification on any definitions or provisions, to read through the Act and, if necessary, approach a legal specialist for any assistance.

Opinion article  by Francois Quintin Cilliers, lecturer in the Department of Mercantile Law at the University of the Free State and Attorney of the High Court of South Africa.

 


News Archive

The state of HIV/AIDS at the UFS
2010-05-11

“The University of the Free State (UFS) remains concerned about the threat of HIV/AIDS and will not become complacent in its efforts to combat HIV/AIDS by preventing new infections”, states Ms Estelle Heideman, Manager of the Kovsies HIV/AIDS Centre at the UFS.

She was responding to the results of a study that was done at Higher Education Institutions (HEIs) in 2008. The survey was initiated by Higher Education AIDS (HEAIDS) to establish the knowledge, attitudes, behaviours and practices (KABP) related to HIV and AIDS and to measure the HIV prevalence levels among staff and students. The primary aim of this research was to develop estimates for the sector.

The study populations consisted of students and employees from 21 HEIs in South Africa where contact teaching occurs. For the purpose of the cross-sectional study an ‘anonymous HIV survey with informed consent’ was used. The study comprised an HIV prevalence study, KABP survey, a qualitative study, and a risk assessment.

Each HEI was stratified by campus and faculty, whereupon clusters of students and staff were randomly selected. Self-administered questionnaires were used to obtain demographic, socio-economic and behavioural data. The HIV status of participants was determined by laboratory testing of dry blood spots obtained by finger pricks. The qualitative study consisted of focus group discussions and key informant interviews at each HEI.

Ethical approval was provided by the UFS Ethics Committee. Participation in all research was voluntary and written informed consent was obtained from all participants. Fieldwork for the study was conducted between September 2008 and February 2009.

A total of 1 004 people participated at the UFS, including the Main and the Qwaqwa campuses, comprising 659 students, 85 academic staff and 256 administration/service staff. The overall response rate was 75,6%.

The main findings of the study were:

HIV prevalence among students was 3,5%, 0% among academics, 1,3% among administrative staff, and 12,4% among service staff. “This might not be a true reflection of the actual prevalence of HIV at the UFS, as the sample was relatively small,” said Heideman. However, she went on to say that if we really want to show our commitment towards fighting this disease at our institution a number of problem areas should be addressed:

  • Around half of all students under the age of 20 have had sex before and this increased to almost three-quarters of students older than 20.

     
  • The majority of staff and a third of students had ever been tested for HIV.

     
  • More than 50% of students drink more than once per week and 44% of students reported being drunk in the past month. Qualitative data suggests that binge drinking over weekends and at campus ‘bashes’ is an area of concern.

Recommendations of the study:

  • Emphasis should be on increased knowledge of sexual risk behaviours, in particular those involving a high turnover of sexual partners and multiple sexual partnerships. Among students, emphasis should further be placed on staying HIV negative throughout university study.

     
  • The distribution of condoms on all campuses should be expanded, systematised and monitored. If resistance is encountered, attempts should be made to engage and educate dissenting institutional members about the importance of condom use in HIV prevention.

     
  • The relationship between alcohol misuse and pregnancy, sexually transmitted infections (STIs), HIV and AIDS needs to be made known, and there should be a drive to curb high levels of student drinking, promote non-alcohol oriented forms of recreation, and improve regulation of alcohol consumption at university-sponsored “bashes”.

     
  • There is need to reach out to students and staff who have undergone HIV testing and who know their HIV status, but do not access or benefit from support services. Because many HIV-positive students and staff are not receiving any kind of support, resources should be directed towards the development of HIV care services, including support groups.

Says Heideman, “If we really want to prove that we are serious about an HIV/AIDS-free campus, these results are a good starting point. It definitely provides us with a strong basis from which to work.” Since the study was done in 2008 the UFS has committed itself to a more comprehensive response to HIV/AIDS. The current proposed ‘HIV/AIDS Institutional response and strategic plan’, builds and expands on work that has been done before, the lessons learned from previous interventions, and a thorough study of good practices at other universities.

Media Release
Issued by: Mangaliso Radebe
Assistant Director: Media Liaison
Tel: 051 401 2828
Cell: 078 460 3320
E-mail: radebemt@ufs.ac.za  
10 May 2010

We use cookies to make interactions with our websites and services easy and meaningful. To better understand how they are used, read more about the UFS cookie policy. By continuing to use this site you are giving us your consent to do this.

Accept