The Protection of Personal Information Act (PoPI) is by no means new. Despite the act becoming effective later this year (2018), many companies are struggling to come to terms with compliance. Those in the HR and Payroll fields are battling more than others because they handle personal information on a daily basis.
What is PoPI?
Simply put, PoPI is an act that is designed to ensure all South African Institutions collect, store or share personal information in a responsible way. Under the act, any institution can be held accountable should they fail to manage personal information in a responsible way. Personal information is considered valuable, thus anyone using or owning such information needs to act correctly when managing or using somebody’s personal data.
Areas of compliance
Areas of compliance include:
- Ensuring consent is attained when sharing information.
- Having valid reasons for sharing information.
- Being sure of the regulations related to the type of information being shared.
- Ensuring transparency and accountability as to how information is used.
- Ensuring access to information is available along with rights to have data deleted or destroyed.
- Ensuring that those whose information is captured can see who has access to their information, as well as being able to see that their information is securely stored.
What is “personal” information in terms of HR and Payroll?
Personal information within the HR and Payroll framework can include:
- Identity Number or passport number
- Date and place of birth
- Contact Information: Phone, email, instant messaging
- Residential address
- Gender and race
- Biometric data
- Marital status and family information
- Criminal record
- Employment history salary information
- Financial and banking information
- Education information
- Physical and mental health information
- Union Membership
What does PoPI mean for your payroll data?
Once the PoPI act is fully effective, all employers will be required to implement information management processes that comply with the act. In terms of HR and payroll data, this means that all employee-related personal information can only be processed with the knowledge and permission of the said employee. Employees’ personal information must only be used with a reasonable and valid purpose. For example, to ensure their compliance with tax and labour laws. PoPI also means that information must be properly managed and fully secured at all times. This includes facilitating the granting of access to such personal information by the person whose information is being accessed.
Paymaster and PoPI
The good news is that, long before PoPI was even considered, Paymaster has been taking payroll and HR information seriously. Secure and responsible information management and processing have been top priorities throughout the lifetime of every Paymaster solution. At Paymaster People Solutions, every necessary and precautionary step continues to be taken so as to ensure the security of all employee information. Data is securely stored. Data-encryption is used and only those with the correct administrative access rights can view and use the information stored.
Should you have any questions around your payroll and HR information and how to comply with the PoPI act please contact Paymaster People Solutions.