If you ever get the sense that Big Brother’s overzealous reach extends into your personal life, then help may be on the way.

New legislation on privacy and the protection of personal data is in the pipeline and, once enacted, promises to check how government and the private sector deal with personal information.

The draft Protection of Personal Information Bill, which aims to protect the constitutional right to privacy of personal information, will have a big impact on how personal data is handled.

Technological developments have given rise to concern about the erosion of information privacy in the electronic age. The issue has become especially controversial since the September 11 2001 terror attacks in the US and the cross-border transfer of personal information.

Not only will the new legislation regulate how this personal information is collected and used, it will determine exactly how it is protected.

The SA Law Reform Commission produced an extensive discussion paper last October on the use and regulation of personal information in SA, as well as a proposal for draft legislation.

Comments on the paper and draft bill closed last month and will be put into a report with recommendations to justice minister Brigitte Mabandla.

“The bill in its current form is a welcome and important measure,” says law academic Prof Iain Currie of Wits University’s Mandela Institute. “At the moment, when it comes to personal information, it is bit like the Wild West out there."

Currie says the draft bill is unlikely to change much when it goes before parliament (next year). Central to legislation on it is the establishment of an information protection commission (IPC) with regulatory and oversight functions.

“Without the commission, this won’t really work,” says Currie, who served on the law commission project committee that crafted the proposal.

Also proposed is a measure to make it unlawful for any “responsible parties” to collect and use personal information without first notifying the IPC.

Proposed legislation will also regulate and protect information handed over from one institution to another for marketing and other purposes.

There are a number of legal reasons why individuals disclose information about themselves and allow organisations to keep it. Mostly this is conditional on receiving a product or service, such as applying for a credit card or a government benefit, when entering a competition or visiting a doctor.

But people often do not realise that this information may ultimately be used for other purposes as well.

According to the law commission, the most important private data users are credit bureaus, the health and medical profession, banks and financial institutions, the insurance industry and the direct marketing industry.

As far as the state is concerned, individuals are required by statute to provide certain information.

According to Currie, the new law will ensure that the person responsible for this information will have to comply with eight general information protection principles. Sensitive personal information such as religion, health or sexual life will be subject to “heightened protection”.

More than 30 countries have adopted such legislation. The EU in 1995 enacted the Data Protection Directive to harmonise member states’ privacy protection laws. As a result, a number of countries, including the US, are wary of allowing the free flow of personal information to countries without similar laws in place. Once enacted, the draft bill will bring SA in line with international practice.

The Open Society Initiative for Southern Africa says the bill appears to be progressive and balanced and poses no infringement on open society values. “It seems to have good checks and balances and most crucially it places the individual at the centre," says the society’s information & communications technology officer, Ashraf Patel.

“But the trick will be in the monitoring and whether the commission will have the capacity to deal with breaches."

Inet-Bridge ||  Discuss this article

Latest news

Share this article