2010 pressure mounts on privacy Bill


Government is pushing for the draft Protection of Personal Information Bill to be enacted into law in time for the 2010 Fifa World Cup.

This is according to Mark Heyink, information attorney and information security consultant, speaking at a legal seminar at Melrose Arch earlier this week.

The Protection of Personal Information Bill is expected to go before Parliament early next year and, according to Heyink, will become an Act as early as March 2010.

The Bill was submitted to the justice minister in February this year and aims to promote the protection of personal information processed by public and private bodies.

Once the Bill is passed, companies will be prohibited from giving a customer’s information to any other person without the client’s consent. It seeks to hold companies that do not take adequate steps to protect confidential information legally liable.

Heyink notes: “The Protection of Personal Information Bill was urgent in 2002, and now it’s even more urgent in 2009, because of the 2010 World Cup.”

He says the Parliamentary Portfolio Committee on Justice will speak with the English High Commissioner next week to discuss whether information transferred from European countries in 2010 will be protected by South African law.

Heyink says government has not yet developed concrete laws around the protection of personal information, and the new Bill will take a tough stance on businesses that do not comply.

“Information is borderless; it’s easy to transmit information, especially with the Internet, so the importance of creating laws, which are harmonious to our trading partners, is a critical element to the success or failure of this legislation.”

Heyink says the Bill will seek to prevent the illicit trade in personal details by some marketing companies that pay up to R20 000 for the information. He adds that Facebook and other social networking sites have been targeted as information-gathering hotspots.

“As of the 20 November 2009, 340 242 628 records have been compromised in the US. Cybercrime cost Australian citizens $3 billion in 2008. This information is being used criminally and abused in instances to masquerade or to commit other crimes.”

According to Heyink, the Bill will not be a cheap exercise for businesses, and larger enterprises will be forced to spend millions ensuring proper security is put in place.

The problem comes in, he says, “when larger enterprises would rather opt to pay the R5 million fine, than the R10 million amount required to do the security implementation. In addition, we foresee that the risk of reputation to the company will be the biggest deterrent, which could lead to a company’s shares plummeting.”

Lance Michalson, partner of Michalsons Attorneys, is sceptical and says that, depending on discussions, the Bill might not make it in time for 2010. “The Parliamentary Portfolio Committee had a discussion in November, which will be continued in April next year.”

He says the current Bill’s eight security principles will be debated and it will be decided whether those principles are relevant within an African context rather than based purely on European Union (EU) best practices.

“Depending on how much opposition there is to the fundamental principles and whether they should be changed, it could take a while longer than previously planned. It will also need to go before the National Assembly, which will go forward in May.

“The EU data privacy directive says an EU country can only commit cross-border transfer of information to countries that have adequate protection mechanisms in place, which up until now, SA didn’t have.”