electronically, whether in the cloud or on the
landlord’s own Information Technology systems. The
landlord must protect a tenant’s personal information
in the landlord’s custody by adopting safeguards to
prevent unauthorized access, use, disclosure, loss,
destruction, copying or modification of any personal
information.
A landlord must tell the tenant how their personal
information has been used and to whom it has been
disclosed. POPI is quite clear that the tenant’s
consent needs to be obtained before disclosing
personal information to third parties (with certain
exceptions, such as state security).
To conclude, non-compliance with POPI can
lead to claims for civil damages (including punitive
damages), administrative fines of up to R10 million
or criminal prosecution where unlimited fines and
imprisonment of between one and 10 years are
prescribed.
www.reimag.co.za
A few principles on which POPI operates
require that personal data shall:
1
2
3
4
5
Only be stored by the data controller to the extent
necessary to achieve the purpose for which the
information was explicitly collected;
Only be stored in such a manner that the storage does
not intrude on the privacy of the data subject to an
unreasonable extent;
Be adequate, relevant and not excessive for those
purposes;
Be used for a lawful purpose only;
Not b