SUB CATEGORIES Featured Story |  Straight Talk |  The Stage | 

POPI bill to significantly impact the financial services industry

25 September 2013 Jonathan Faurie

Since the dawn of the new millennium, it is evident that the world has changed. Technology has been a major driver of this, and while the changes affected by technology at the start of the millennium were significant, indications are that this impact will grow going forward. But while this had a positive impact on society in that it made connectivity so much easier, recent events have highlighted the danger of an over reliance on technology. This has prompted many countries to introduce comprehensive pieces of legislation, which protects the privacy of information of its citizens.

South Africa moving forward

Following the lead of the US, the UK, France and Brazil, South Africa has been working hard on its own Protection of Private Information (POPI) bill. This was brought before parliament last week and was sent back to change the wording before it is signed into law.

While this bill looks set to improve the lives of South Africans, it will have an impact on the financial services industry.

POPI provides the regulatory framework within which organisations may process personal information and seeks to give individuals control over how their personal information is used or disclosed. The Bill defines personal information as all information relating to an identifiable, living person and where applicable, an existing juristic person.

Lize de la Harpe, Legal Adviser at Glacier by Sanlam points out that the definition of processing is drafted wide enough to cover any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including the collection, receipt, collation, storage, updating and use of the information.

De La Harpe adds that there are eight specific areas which the bill covers:

1. Accountability
The responsible party (being the party that determines the purpose of and means for processing) must ensure that the conditions for processing are complied with at all times.

2. Processing limitation
Processing must be lawful, done in a reasonable manner that does not infringe the privacy of the data subject and must not be excessive. Processing may only take place with the consent of the data subject, subject to certain exceptions (such as is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is a party, it complies with an obligation placed on the responsible party by law or it protects a legitimate interest of the data subject). Personal information must be collected directly from the data subject with certain exceptions.

3. Purpose specification
Collection must be for a specific purpose and records may not be kept for any longer than is necessary for achieving the purpose for which it was collected or subsequently processed, subject to certain exceptions (for example if it is required or authorised by law or the data subject has consented).

4. Further processing limitation
Further processing must be compatible with the purpose of collection, taking into account, amongst others, the nature of the information, the consequences for the data subject and the manner in which the information was collected.

5. Information quality
The responsible party must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.

6. Openness
A responsible party must maintain documentation of all processing operations. When personal information is collected, the responsible party must (subject to exceptions) take reasonably practicable steps to ensure that the data subject is aware of, inter alia, the information being collected, the source, the purpose of the collection and the rights of the data subject.

7. Security safeguards
Reasonable measures must be taken to identify all foreseeable internal and external risks, establish and maintain appropriate safeguards against these risks, regularly verify that the safeguards are effectively implemented and ensure they are continually updated. The responsible party must notify the Information Regulator and the data subject when the personal information of a data subject has been accessed or acquired by any unauthorised person.

8. Data subject participation
The data subject has a right to request a responsible party to confirm whether or not it holds personal information about the data subject (free of charge), to request the record or a description of the personal information held, as well as the identity of third parties who have access to the information. The data subject also has the right to request the correction or deletion of personal information which is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.

Industry impact

While there are many people who feel that this legislation is long overdue, its effects will have a significant impact on the insurance industry.

"Companies will need to do significant gap analysis programmes whereby they asses the information that they have already collected and measure it up to whether they comply with the eight areas governed by legislation. You basically need to ask what information you collect, for what purpose the information is being collected, and how the information will be kept. The processing of the information is also a significant area of concern for companies as they will need to get consent from the client in most cases,” says De La Harpe.

Companies will also need to be very clear as to what constitutes material information. Material information is the information which is necessary in establishing a policy and its premiums. For example, knowing if a person is a smoker is material when calculating the premiums and exclusion of a life policy. In this instance, a broker or adviser would need to justify why the information is material.

But perhaps the biggest concern is the implementation of systems and processes which are compliant. "Indications are that companies, which have not already started implementing systems and processes which would make them compliant, will take between two to three years to achieve this. This will put them in a tough situation as the act states that companies will only have a year to comply,” says De La Harpe.

The legislation will apply to both public and private bodies, including retirement funds and administrators. There will be a transitional period of one year whereafter full compliance with the legislation will be required.

Editor’s Thoughts:
The bill aims to protect the public against direct marketing activities which come off the back of giving your information to an insurance company. While this is good news for the public, and a move which is long overdue, it will have an effect on ability of companies within the industry to sell additional products which may complement the cover which has been taken out. Of concern is the fact that it will take between two and three years for the majority of companies in the industry to implement this, although the bill only allows for a year to comply. Please comment below, interact with us on Twitter at @fanews_online or email me your


Added by Stephan, 25 Sep 2013
I would like to see how the Banks are going to worm themselves out of this, as the Bank Brokers are mining their "free" database like it is going out of fashion...........
Report Abuse
Added by Johan, 25 Sep 2013
Hierdie game is nie meer lekker nie ! Kry die gevoel Regulasies wil makelaars uit die bedryf uit dwing. Ek stem saam Thomas, geen jong mens moet hierdie bedryf oorweeg nie ! Gaan nog erger raak as die ondersoek na kostes afgehandel is.
Report Abuse
Added by thomas, 25 Sep 2013
This is the biggest load of "poop" that I have ever heard of. Between FICA,FAIS,TCF,FSB,COMPLIANCE ,CPD,Regulatory exams and a list of other things this is just adding to being caught in a very confusing swirling world which is starting to not make any sense at all. In one breath we are ordered to collect all client information, adhere to FICA.. and on the other hand we may be in a situation where we have to much information. As for protecting customers/clients against direct marketing...what an absolute joke!.Explain how a young fin advisor with gleaming eyes will start his career?.Sit at a desk while clients will be able to smell how much value he/her will be able to add to their lives?.The practical implications of all these regulations (of which most have simply been copied and pasted from other countries)will as everything else over complicate the whole industry to such an extent that no new (young) players will be able to enter the industry. More and more it seems as if all these regulations and rules are being made for one sole employ more people and organizations which the advisors will pay for. Our country is flooded with illegal persons and yet in their infinite wisdom someone decided that it is more important to introduce another regulation to guard clients against their advisors having too much of their information!.Irony is that if this tendency progress as is the case now there will be no more advisors left shortly and none of these regulatory bodies and rules will have any meaning or existence.
Report Abuse

Comment on this post

Email Address*
Security Check *
Quick Polls


How confident are you that insurers treat policyholders fairly, according to the Treating Customers Fairly (TCF) principles?


Very confident, insurers prioritise fair treatment
Somewhat confident, but improvements are needed
Not confident, there are significant issues with fair treatment
fanews magazine
FAnews June 2024 Get the latest issue of FAnews

This month's headlines

Understanding prescription in claims for professional negligence
Climate change… the single biggest risk facing insurers
Insuring the unpredictable: 2024 global election risks
Financial advice crucial as clients’ Life policy premiums rise sharply
Guiding clients through the Two-Pot Retirement System
There is diversification, and true diversification – choose wisely
Decoding the shift in investment patterns
Subscribe now