‘Your choice of cell phone is irrelevant in applying for credit or registering for a conference or pre-booking your intention to attend an exhibition’. Therefore the type of cell phone you purchased is relevant and between you and the cell phone manufacturer and their various suppliers only.
Louis the Lawyer has drilled down further into what is meant by sharing your personal information. Advocate Nel has provided the third within a series of important personal information bullet points which is to be promulgated this year in keeping with international law.
In 2013 alone – and we are not even half-way through – South Africa has had its share of monies being removed from bank accounts. Yet any information that has an ultimate value to the cyber criminals is at risk.
The law defines the responsibility of your personal information as ‘processing’. Processing means that the responsible person (RP) who has your personal information (PI) is wholly responsible for the collection, dissemination and merging of your information. The RP may receive your PI manually, electronically and is essentially responsible for the total life cycle of your PI. The legal limitations placed on the use of your PI are extensive. For example you, as the DS (Data Subject) must consent to the processing of your PI. The processing of your PI must be:
- adequate and relevant and not exceed the purpose for which it is intended. For example is the RP of your PI ‘selling-on’ to another company, a particular piece of collated personal information?
- shown to protect your legitimate interests. For example the confidential supplying of your ID number for the purposes of authentic MICE attendance & compliance certification;
- required by the RP to:
- ….. carry out a contract to which you are a party;
- ….. comply with an obligation imposed by law via a public body to carry out a public law duty;
- ……pursue a ‘legitimate’ interest.
On the 29th of May the Classic Business programme’s focus was a panel discussion with highly knowledgeable cyber crime experts. Consensus was clear that cyber crime was on the increase with the majority of cyber criminals located within various credible organizations. So if you thought your PI was being ‘got at’ in some sleazy smoke-filled back room with the required lap-top and devious codes, you had better think again.
It is possible at some future time that organizations requiring your PI will need to train, ‘legalize’ and identify to you (DS) the name of the RP who is processing your PI.
Penalties for non-compliance are high – up to R10m is earmarked. With cyber crime on the increase world-wide the Academy is of the opinion that this penalty amount may be acceded. A strong word to the industry is be very cautious as to what information you are requesting on any form and a real cautionary note to all out there to take special care as to what personal information you glibly hand across without a good reason for the information being needed.
Louis the Lawyer will elaborate on this crucial subject of personal information on Friday 21st June at the 5 star Gallagher Convention Centre at the 6th MICE Focus Group of 2013. Authentic compliance (4 credit points) and attendance (3 credit points) certificates will be available to participants. Full programme details are available from the Academy.
