Today’s blog post is part of a mini series on POPIA, written by Sumien du Plessis.  Sumien works in private practice in Pretoria and is their appointed information officer.  She adds, “It should be a given that I am a Sensory Integration qualified Occupational Therapist since this is a SAISI blog post, but I am also a qualified DIRFloortime provider, a photographer, an artist, a cat lover, a wine connoisseur, and a lover of our beautiful world.”

Thank you Sumien, and happy reading!

How POPIA affects SAISI Part 1

Knock-knock…

Who’s there?

POPEYE!

POPEYE who?

POPI-YA’self before you get fined! Or jailed!

 

 

I do not know which is worse to tell you the truth – the consequences of not complying with the Protection of Personal Information Act or the process of getting my act together concerning the rules and regulations of POPIA! It has been a challenge to learn what the POPIA entails, what I need to do to be POPIA-proofed, and to get it all done by the deadline.

I think that POPIA-ing yourself (POPIA-ing is my verb for this process – please go with the flow) is much easier if you are working in your own practice all by yourself. Protecting client information when you are the sole person in charge of the documents takes far less effort, I think, than being part of a larger practice where more people are involved in ensuring that the practice is POPIA compliant. I am sure you POPIA-Officers out there know what I am talking about. I did not consider how much work it would be and is continuing to be for companies, institutes, or associations, such as SAISI until I was asked to write this blog. It makes me think I had nothing to groan about when I had to get my POPIA ducks in a row!

So now, the question begs, how is the POPIA affecting our practices and our institutes or associations we belong to as Occupational Therapy practitioners? This blog post will look at how SAISI is affected by the POPIA.

SAISI, its 806 members, 20 board members, and Aletta as the SAISI employee are subject to the same POPIA requirements, like any other person or entity in South Africa. The PRIVACY POLICY IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 requirements even stretch beyond our borders for South African citizens.

SAISI should not just be compliant with regard to its members concerning the POPI Act, but to all the third parties contracted to SAISI for whatever reason. These can include, but are not limited to, the health and education community, such as allied health professionals, the Department of Education and teachers, the general public, other occupational therapy associations, the International Council for Education in Ayres Sensory Integration (ICEASI), and the various Universities. The POPI Act also pertains to Whatsapp groups, journal groups, courses, and even protocols, to name a few. It was somewhat of a mission to check whether all the third parties I deal with in my practice, such as my accounting system and the school I work at, comply with the POPI Act. I, therefore, have sympathy for SAISI who had to make sure that all its third parties are all on the POPI bandwagon – or in the case of international third parties, have strict confidentiality clauses.

The POPI Act has 8 minimum requirements that everyone should adhere to. These ensure that everyone’s rights to privacy concerning their personal information are respected and handled within the strict guidelines set out by the data protection laws.

At this point, I need to be frank with you. I am 100 percent sure I got the job of writing this blog because I am the Information Officer in our practice, and we have a SAISI board member working at our practice. I definitely did not get this job because I know everything about SAISI (apologies to all avid members) or the Protection of Personal Information Act. I am also guessing others were clever enough to decline writing this blog post gracefully. I will, however, try my best to put the effects of the 8 minimum requirements on SAISI into perspective – albeit my own.

  1. Be accountable

Being accountable can be stated in other words: having a contractual obligation to confidentiality. We all know about being confidential. It has been ingrained in us from first year varsity. Although everyone – employees, board members, members of SAISI, and third parties – is accountable for protecting personal information, the heavy task of ensuring that everyone else handles information with the utmost privacy rests on the shoulders of SAISI’s Information Officers – Marié Greyling (SAISI chairperson) and Aletta Kietzmann (Office administrator). They are supposed to guarantee that every person who is part of SAISI processes, documents, and manages the personal information of everyone else in such a way that no one feels that their rights were infringed upon. They also have to check that everyone obeys the 8 minimum requirements, set out by the Data Protection Law. This, I’m sure you will agree with me, is a monumental task, with day-to-day information-protection-policing (I have now made this a verb – go with the flow!).

 

This brings us to the end of PART 1 of this ‘riveting’ topic. PART 2 promise to give you even more insight into how POPIA affects SAISI, when we look at requirements 2 to 8. See you next time!