One of the greatest R&B crooners to ever grace this planet, My Luther Vandross once posed the question in his song Secret Love: Why can’t we tell somebody? One could suppose that he was requesting consent from his partner. Afterall, spilling the beans without mutual agreement might spell the end of the treasured affair…

At the heart many relationships lies trust. And once we share personal information with others, a basis of trust is often assumed. That, however has not always been the case, especially in today’s world where data is currency.

Protection of Personal Information

Having confidence about where to tell and store your secrets are private information is one of the key components in the work of business transactions. The corporate space in South Africa will soon be impacted by the enactment of the Protection of Personal Information Act 2013 (“POPIA”) which intends to restrict the use of your personal information by other parties without your consent.

Some of the specific instances were provisions of POPIA are invoked to protect your information is in relation to your cell phone numbers, hospital patient number, your doctor’s file details, or any other personal information in relation to your person. This right to privacy is also encapsulated in the Constitution of the Republic of South African 108 of 1996 as amended (“the Constitution”) may only be waived by the concern of the party concerned.

 

“There is no absolute right…”

The above notwithstanding, the court may issue an order compelling another party to disclose that information that under normal circumstance would enjoy protection of POPIA. Case in point in respect of this submission is the recent ruling in Divine Inspiration Trading 205 (Pty) Ltd v Gordon and Others (“the Divine Inspiration 205 case”).

The bone of contention in this case was whether to release medical records of one party from her medical practitioners for the purpose of determination of the action wherein the party concerned was suing for damages of R7 million for injuries sustained.

The owner of the information (which was in the custody of the medical practitioners) suing for damages was initially requested to disclose the aforementioned information for the purpose of the determination in question in terms of section 35 (3) of POPIA and she forthrightly refused processing of the information, invoking section 11(3) thereof as a basis thereof.

Section 11(3) of POPIA:

A data subject may object, at any time, to the processing of personal information—

(a) in terms of subsection (1)(d) to (f), in the prescribed manner, on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing; or
(b) for purposes of direct marketing other than direct marketing by means of unsolicited electronic communications as referred to in section 69.

 

In deciding the dispute at hand, the court rejected the argument submitted, and immediately implored section 12 (2) d (iii) of POPIA to navigate the balance of significance between contestation of the R7 million damages and the weight which the evidence (information held by the medical practitioners) may have on the claim.

The court found that dataof the subject (patient) may be collected from the other source (medical practitioners) when it is so required to conduct proceedings in any court or tribunal. This landmark ruling is momentous in contesting disclosure of information in terms of POPIA and most prominently, same is squarely harmonious with section 15(3) c (ii) thereof.

 

Consequent to the above scrutiny of the recent court case, it is worth noting that some of your secrets no matter how well hidden, may be told to other parties in the course of legal proceedings in a court of law or tribunal.

POPIA in its entirety will come to full effect on 1 July 2021.

So what now?

If you run a company - the key question to ask yourself is whether or not you are is well-resourced to ensure compliance with the Act.

And as an individual, are you empowered with the right information to enforce compliance against institution/s that might compromise your personal information?

Either way, we can help you comply and be ready come 1 July.

Call or e-mail us today!

Share