Why do I need a Privacy Policy?
A Privacy Policy is a document we tend to read last, if at all. But a Privacy Policy plays an important role in the business world, especially if you conduct business online. It helps you comply with the law and cut down your risk profile. A Privacy Policy acts as a guideline for navigating how to use and handle Personal Information.
But mainly, you need a Privacy Policy because:
You have to comply with the law
The Protection of Personal Information Act 4 of 2013 (or “POPI”) is law in South Africa, and therefore we have to comply with it. In terms of Section 18 of POPI, you have to notify a user every time you collect Personal Information from them.
The notification areas include:
- what information you’re collecting;
- where you’re collecting the information from;
- the name and address of the party collecting the information;
- the purpose the information is being collected for… etc.
It’s easier to handle it in one document, once-off, instead of in multiple documents every time you collect Personal Information from a user.
A Privacy Policy helps you comply with POPI and makes sure that the notification aspect of POPI is dealt with efficiently.
Your users will trust you
With the prevalence of data breaches and misuse of Personal Information, users are hesitant to make use of offerings without knowing how their Personal Information will be used.
Transparency about how their Personal Information is handled is vital; in fact, over 68% of users are more concerned about how their Personal Information is collected online than losing their principal income source.
A Privacy Policy is a great way of both being transparent and showing users exactly how their information will be used, gathered and protected.
You conduct business online
You collect a lot of Personal Information by doing business online, whether this be through a webform on your website, by providing a newsletter or through your app.
Personal Information can be hard to manage, especially when there’s a lot of it. This can become a problem because Section 17 of POPI states that you have to keep documentation of all Personal Information processing under your responsibility. This is impossible to do if you don’t have a guideline to follow.
A Privacy Policy provides a guideline to users and yourself as to how that Personal Information will be handled and protected. Without one, you’re drunk driving. You may not run into trouble, but eventually your luck will run out, and when it does, the consequences can be disastrous.
Your luck may run out in the form of a data breach. This is where Personal Information under your control is leaked to the public either through a hacker or through carelessness.
No one is immune to a data breach. For example, some of the more well-known recent data breaches in South Africa include:
Standard Bank: property owner’s information leaked through online platform;
Experian: 24 million South Africans’ Personal Information exposed.
Prevention is better than the cure
An ounce of prevention is worth a pound of cure.
Benjamin Franklin
Benjamin Franklin said it best, and the statement rings truer when it comes to handling Personal Information. POPI and the Information Regulator, who administers it, are not shy about handing out penalties and imprisonment.
The maximum penalties that can be levied under POPI include:
- imprisonment up to 10 years;
- fine not exceeding R10 Million;
- both a fine and imprisonment.
There’s also the further punishment introduced by Section 99 of POPI, which creates strict liability of the Responsible Party for failure to comply with the Act. Any user affected can bring an application to a court to claim money from your business. The court can award the following if a user is successful:
- payment of damages (money) as compensation;
- aggravated damages;
- interest;
- costs of suit on a scale determined by the court.
The only way to prevent this from happening is to comply with POPI and to have a proper Privacy Policy in place.
Your service providers require it
Service providers may require you to have a Privacy Policy in place. This is in light of Section 20 of POPI which provides that an Operator (a person or business who processes Personal Information on behalf of another) must process the Personal Information:
- only with the consent of the service provider;
- and must treat all Personal Information that comes into their possession as confidential.
It is clear from the above that without a proper Privacy Policy, some service providers can and will rightfully refuse to do business with you as they won’t be sure that you will use the Personal Information properly.
In addition, large service providers like Google, Twitter, Facebook or Apple require you to have a privacy policy in place before you can use most of their services.
Without a proper Privacy Policy, many business opportunities may not be available to you.
Conclusion
Based on the above, it’s clear that a Privacy Policy is indispensable. While you could make use of any free privacy policy generator, these aren’t updated frequently and don’t take your circumstances into account. Further, most of the free generators online cater for European and United States markets which are completely different to South Africa or the laws in place in South Africa.
We can help you develop and implement cost-effective, in-depth Privacy Policies to make sure that your business is compliant.
Visit us today: www.debeerco.co.za