Often employee’s personal information is the last thing we think of when wrestling with our POPI compliance, but they should not be. Employees do not only play a role in getting and keeping our companies compliant with POPI but are also data subjects themselves. This means that we need to be POPI compliant when collecting, using, storing, and deleting our employee’s personal information. This is often easier said than done, as employers often just don’t know how to practically comply with POPI regarding their employee’s personal information.
When collecting personal information, we must be aware that we may need consent from our employees to collect and use their personal information depending on what type of personal information it is. If we are collecting or using any personal information concerning an employee’s race, ethnic origin, trade union membership, political persuasion, health (vaccination status), or biometric information we need to get consent from our employees to collect, use and store the personal information and we also need to keep proof of the consent on file.
When using our employee’s personal information, we must be aware that we may only use it for the purpose for which it was collected, and these purposes must be communicated to the employee.
When storing our employee’s personal information, whether electronically or in hard copy, we must be aware that we need to have safety measures in place to protect against the loss, damage, or unauthorized access of the personal information. Access to hard copy files should be limited and should be behind lock and key, either in an office or a cabinet. Access to electronic files should also be limited and we need to have adequate information security measures in place. What is required here is going to be dependent on your Company, but you should have the basics in place, such as, password protecting your computers and limiting access to your network or WI-FI.
To determine whether you are on track with your POPI compliance regarding your employee’s personal information, you can utilize the below checklist. Not all questions will be appliable to all Companies, however if you answer NO to two or more of the questions relevant to your Company, you are likely in breach of POPI.
- Have you registered an Information Officer for your company?
- Have you received consent from your employees to collect, use or store their biometric information?
- Have you received consent from your employees to collect, use or store their trade union membership?
- Have you received consent from your employees to collect, use or store their vaccination status?
- Have you received consent from your employees to collect, use or store their race or ethnic origin?
- Have you received consent from your employees to collect, use or store their personal information outside of South Africa?
- Are your hardcopy HR files stored securely in a locked office/cupboard?
- Are your softcopy HR files stored securely with the necessary IT security in place?
- Do you have a clean desk policy or similar measure to ensure no personal information is left lying around?
- Do you have a data protection policy or similar measure that governs how you collect, use, store or process your employees’ data?
- Have you informed your employees about what personal information you have about them?
- Have you informed your employees about how you use your employee’s personal information?
- Have you informed your employees about how you protect their personal information?
- Have you informed your employees about how long you keep their personal information?
Contact LabourNet today to assist you with all your POPI needs or to conduct a free risk assessment to check your compliance status!
For more information on the above topic, please contact the LabourNet Helpdesk at 0861 LABNET (0861 522638).
Not yet a LabourNet client, but would like to know more about our service and products?
Email us: support@labournet.com; robertn@labournet.com;
Visit our website at www.labournet.com
LabourNet Port Elizabeth: Tel – 041 373 2994 Address: 176 Cape Rd, Mill Park, Gqeberha, 6001
LabourNet East London: Tel – 043 726 9844 Address: 65 Frere Rd, Vincent, East London, 5247