Virtually every organisation makes use of a third party vendor or service provider (basically any provider of ICT goods or services) to process their personal information. For example, if an organisation outsources part of their IT function, then a third party will almost certainly be processing personal information. Another example is Fax-to-email – where the service provider is processing facsimiles on behalf of another party. If the facsimiles include personal information, the service provider is processing your personal information. If a third party is processing the personal information of someone else, then there are certain steps that will need to be taken under the Protection of Personal Information Bill that will soon be law.
If someone else processes your personal information, there are steps that need to be taken
The organisation will fall under the definition of a “responsible party“:
“a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information”
The third party service provider or vendor will fall under the definition of an “operator“:
“a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party”
And section 20(1) and (2) of POPI will apply.
The obligations of the responsible party
You, as the responsible party, must:
.
Register - It's quick, easy and FREE to get greater access instantly. [ Register ] If you are a client of Michalsons, you get registered user access and complimentary access to client content.
.
Register at [ Register ] and then send us an email requesting access as a client of Michalsons. We will give you access and notify you by email.
Tags: operators, personal information
No Comments Yet