- This is not legal advice.
- This is by no means an exhaustive list of website requirements as it relates to POPI.
- This article is meant to be a live and ever-growing resource for information that relates to your website and the POPI Act. We are figuring this out as we go, and are doing our best to keep this resource up to date.
- I am not a lawyer (although my mom wishes I pursued that career).
- Please make sure to chat to your own lawyer about your unique POPI requirements.
- Your business and my business use information in completely different ways. So your business will have different requirements to my business. Keep this in mind, this is why I highly recommend you chat to your own lawyer.
- Remember the golden rule of the internet: Always verify & double-check before trusting information.
Last updated: 2 July @ 13:46
From my non-lawyer understanding, there are a few main things to take care of with regard to POPI:
- Ask for permission before collecting information,
- be transparent about what that information will be used for,
- make a really good effort to protect that information,
- give someone a way of updating their information, or a way of requesting that their information be deleted.
With that in mind, this is the information I have gathered for striving to make your website POPI Compliant.
Cookie Consent & Policy
We have all seen those little warnings that pop up at the bottom of a web page, asking us if we are OK with all the cookies that are being stored to track what we do on a website.
Forms on a website require an opt-in confirmation box. And a link that indicates what
I have not yet implemented this on my own websites, but will be doing so very soon.
POPI Management Framework / PAIA Manual
From what I gather, it makes sense to have your PAIA Manual on your website, and to ensure it is easy to find.
This document will also contain information on your Information Officer (which you need to appoint for your business over here: https://www.justice.gov.za/inforeg/portal.html).
As soon as I am sorted with a PAIA manual, I will be adding it as a footer link on my website. I will also be registering as the Information Officer for my business.
These pages should be updated with relevant information on how you collect, store and use personal information. Any visitor to your site should be able to find these pages easily.
NOTE: These pages will look different for different businesses. An eCommerce website stores different kinds of personal information compared to the local plumber’s website. Make sure to speak to your lawyer with regard to what you need.
A few practical tips
A large part of this new act is to ensure businesses make a really good effort at implementing best practices when it comes to collecting, storing and using personal information.
There are a number of best practices that can be implemented:
- Use a password manager like LastPass/1Password to store your passwords (I use LastPass personally, and have been using it for close to 10 years).
- Make sure you use unique, strong passwords across different sites and tools.
- RELATED: What makes a password strong
- Regularly update your various passwords.
- Have a password on your laptop, tablet, computer and your phone.
- Remember that you most likely get your work email on your phone. If you lose your phone, which contains personal information, you must be able to show that you followed best practices to ensure that personal information can’t be used.
- The same goes for your laptop & tablet.
This webinar is very informative and covers the POPI Act in its broader sense as it applies to your business.
- Be a Responsible Ronnie and…
- Always verify and double check information.
- Do not take legal advice from a website developer.
- Speak to your own lawyer (or my lawyers at Lombard & Partners)
This resource will be updated as we come across more information.