Protecting South African Employees' Special Personal Information Against Data Breaches
Date
2024
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
University of the Witwatersrand, Johannesburg
Abstract
The widespread use of computers and acceleration of online activity have increased the importance of personal information in modern society. Processing personal information has become an indispensable part of daily life. The (mis)management of personal information in the employment context is particularly concerning because employers also process special personal information (SPI). This research report considers the legal treatment of processing SPI in the world of work in South Africa by identifying and evaluating those provisions of POPIA that could offer employees protection in the event of a data breach. Furthermore, the research examines the effectiveness of those provisions against predetermined criteria in order to establish whether the provisions provide direct employee protection, create an opportunity for the responsible independent authority, namely the Information Regulator (IR), to include protective conditions in respect of processing employee SPI; and whether the provisions eliminate or limit threats to breaches of employee SPI. Sheburi v Railway Safety Regulator is the only known POPIA related case and it is referenced to highlight the ease with which POPIA provisions can be misinterpreted in practice. The case also demonstrates the fallibility of the consent requirement and supports the argument that employees need reinforced protection against the ever-looming threat of data breaches. The key finding of this study is that POPIA was not specifically designed to render full protection to employees in the event of a data breach. However, some of the existing provisions in POPIA render some level of protection. The research concludes by suggesting possible ways to improve the legal protection of employee SPI and ultimately calls for specific regulation of employee SPI in the context of data breaches.
Description
A research report Submitted in partial fulfillment of the requirements for the degree of Master of Laws by Coursework and Research Report , School of laws, University of the Witwatersrand, Johannesburg 2024
Keywords
Personal Inforomation, POPIA, Employees, Data Breaches, GDPR, UCTD
Citation
Mampa, Kgothatso Lesetja Simon . (2024). Protecting South African Employees' Special Personal Information Against Data Breaches [Master’s dissertation, University of the Witwatersrand, Johannesburg].WireDSpace.