Onerous consequences for non-compliance with POPI Act

THE consequences of a
breach of compliance
with the Protection of
Personal Information (POPI)
Act, due to be implemented
next year, will be ‘wide and
onerous’.
This is according to Hogan
Lovells partner, Leishen
Pillay, who addressed the
Global Business Travel
Association workshop at
the FNB Conference Centre
recently.
Leishen said they were
some of the most onerous
consequences to be found
in any piece of legislation in
South Africa.”
There are three categories
of consequences for noncompliance
that would run
parallel to one another.
The first, said Leishen, was
an administrative fine levied
by the information regulator
for up to R10m.
The second is criminal
consequences, which
include a period of
imprisonment. “Depending
on the type of offence, you
could be imprisoned for
anywhere up to 12 months if
you don’t comply with POPI,
or up to 10 years in certain
other instances.”
The third is a civil claim.
“The final one is by far
the most lethal in terms
of a legal consequence.”
In terms of chapter three,
basically all the principles in
the very heart of POPI, any
breach of those principles
could attract a civil claim by
a data subject, he said. “It
could be any data subject,
and that’s your individuals
and your companies that you
deal with, and that indicates
they can claim from you
what they can prove.”
Leishen explained that a
general court case defended
on a civil basis provided a
certain degree of latitude to
the defendant, yet, in terms
of POPI, there was strict
liability. This is the highest
form of liability in law and
means that it does not
matter whether one intended
to comply or not. He said
the stronger defences that
went with intention and
negligence were removed.
“In terms of POPI, it doesn’t
matter whether you intend
to comply or not. It doesn’t
matter whether you took the
best of steps and you didn’t
comply.”
The Act applies to anyone
processing personal
information.