In this article in his series on the Protection of
Personal Information Act, Advocate Louis Nel writes
about Information Quality
THIS section does not dene the
concept but rather prescribes the
steps to be taken by the responsible
person (RP) in order to comply i.e.
‘it must take reasonably practicable
steps to ensure that the personal
information is complete, accurate,
not misleading and updated where
required’.
The POPI does not dene or discuss
any of these concepts but the POPI
does link the steps to ‘the purpose
for which the PI is collected or further
processed’ so a business will have to
assess this on a case-by-case basis.
It may be useful as part of the
exercise carried out by your business
to take note of the section pertaining
to security safeguards (Principle #7)
where reference is made to ‘industry
specic’ and ‘generally accepted’
levels of compliance. It would
therefore be an idea to investigate
what standards are used by your
industry (via e.g. your association)
and generally speaking (e.g. via your
chamber of commerce).
The word ‘updated’ implies an
ongoing monitoring – this can be
initiated by appropriate wording on the
form (hard copy or electronic) used
to gather the information initially in
terms of which the date subject (DS):
Warrants* inter alia the veracity,
completeness, accuracy and
currency of the PI (Personal
Information);
Undertakes to ensure the aforesaid
‘status’ by advising the RP of any
material and/or relevant changes
which may impact on any aspect
detailed above*;
The RP may have to verify
independently the PI e.g. by asking
for documentary ‘evidence’ to support
the PI provided.
The RP’s method of collection must
be of a ‘corresponding quality’ and,
in this regard, the pointers regarding
the levels of compliance (third
paragraph above) may be applied with
success.
