Protection Of Personal Information (POPI Act) Policy Manual And Compliance Framework

Accountability.

Constantia Kloof North Residents Against Crime (CKN) must ensure that the conditions for lawful processing of personal information set out in the Act, and all the required measures, are complied with.

Processing limitation.

  • Data processing must be for a legitimate purpose, i.e. member database and accounting purposes.
  • Members must give consent. Consent forms are to be given to members to complete.
  • Collection of personal data must be directly from the data subject.
  • Data models use DADIE and Sage secure databases.
  • Limit the transfer of personal data to service providers such as security companies.
  • Data subject must be able to request and object to information held in databases.

Purpose Specification.

  • Collection of personal information must be for a specifically defined purpose related to a function of CKN such as Security, Accounting and Council / Ward matters.
  • The purpose of processing personal information must be clear to Association members and Residents.
  • Record retention must not be longer than necessary unless required by law, a contract or the member has consented.
  • Personal information should be de-identified (removed) as soon as a member has submitted a resignation document or membership has been terminated from the Association side.
  • Destruction of personal information must be in a manner that prevents reconstruction in an intelligible form.

Openness.

The member must be aware of the collection of the data and the name and address of the responsible party, except if:

  • Member is already aware of personal information being kept.
  • All particulars are stated in the PAIA information manual.
  • Information will be used without identifying Member.
  • Personal information is already in the public domain.

Member Participation.

Establish communication processes with Member (via the Information Officer).

Enable Member to request correction of personal data.

The manner of access to information is defined in the PAIA manual.

Business controls for maintaining integrity:

  • Identify personal data.
  • Identify application systems and IT processes that support the business processes.
  • Identify programmed procedures supporting the complete and accurate processing of personal data.
  • Prohibit the processing of special personal information.
  • Comply with the requirements of the Information Officer.

Further Processing Limitation.

Further processing must be compatible with original purpose.

Take note of any contractual rights and obligations.

Take steps to prevent further processing of personal data.

Allow retention for historical, statistical or research purposes.

Information Quality.

Maintain the accuracy of collected personal information.

Ensure that personal data is up-to-date.

Master Data will be kept within DADIE and Sage databases, on secure and password protected servers.

Action Plan.

The business purpose for processing data is to maintain a register of all CKN members.

Use DADIE and Sage to register and process personal data.

  • Contact and communicate with Members.
  • Obtain consent from Members via official consent form.
  • Enable Member to object to processing of personal data.
  • Perform risk assessment for the protection of personal data.
  • Reduce record retention, destroy unnecessary personal data when no longer required.
  • Appoint an Information Officer for Member to liaise with.
  • Respond to requests of the Information Officer.

Reference:

  • CKN – Constantia Kloof North Residents Against Crime
  • PAIA – Promotion of Access to Information Act
  • DADIE – Official database management tool for CKN to regulate membership.
  • Sage – Accounting program used in CKN
  • Chairman of CKN
  • Website: www.ckn.org.za
