Protection of Personal Information Manual (POPIA MANUAL)

Updated and Published: 30 June 2021

1. Introduction and Purpose

PEC Utility Management (Pty) Ltd (PEC) is a private company registered in South Africa and is obligated to comply with the Protection of Personal Information Act 4 of 2013 (POPIA).

• PEC must inform clients, consumers, and employees how their personal information is gathered, used, protected, disclosed, and destroyed.

• PEC guarantees to protect privacy and use personal information appropriately, transparently, and securely.

• This policy sets out how PEC manages personal information and the purposes for which it is used.

• Available at: www.pecutilities.co.za or PEC head office.

2. Background

POPIA regulates the processing of personal information by public and private bodies.

3. Key Definitions

• Data subject – the person to whom personal information relates.

• Processing – collection, storage, updating, distribution, destruction, etc. of personal info.

• Record – any recorded information (writing, electronic, maps, photos, etc.).

• Responsible party – determines purpose/means for processing info.

• Personal information – race, gender, ID, financial/medical history, opinions, etc.

• Information Officer – CEO of PEC, registered with the Information Regulator.

• Information Regulator – independent body monitoring compliance with POPIA.

4. Policy Statement & Responsibilities

PEC commits to ensuring personal info is processed lawfully, securely, and transparently.

5. Rights of Data Subjects

• Object to use of personal info.

• Be notified if info is used for another purpose.

• Confirm whether PEC holds their info.

• Request correction/deletion of info.

• Refuse direct marketing.

• Lodge complaints with the Regulator.

• Institute civil proceedings.

6. Conditions for Lawful Processing

• Accountability – responsible party must comply with the Act.

• Processing Limitations – requires consent, legal obligation, contract, or legitimate interest.

• Specific Purpose – info must be collected for a defined lawful purpose.

• Limiting Collection – info must be collected fairly, lawfully, and directly from the data subject (with exceptions).

• Information Quality – info must be accurate and updated.

• Openness – subjects must be aware of purpose, responsible party, and rights.

• Security Safeguards – protect integrity and confidentiality of info.

• Data Subject Participation – can request correction or deletion.

7. Information Regulator

• Independent authority with jurisdiction across South Africa.

• Enforces offences and penalties:

  • Minor offences → fine and/or 12 months imprisonment.

  • Major offences → fine and/or 10 years imprisonment.

8. Information Officer Responsibilities

• Ensure compliance with POPIA.

• Develop and maintain policies.

• Staff training and awareness.

• Handle access requests and complaints.

• Approve data disclosures and operator contracts.

• Ensure info quality and security.

• Investigate and document breaches.

9. Trans-Border Information Flows

PEC complies with POPIA Chapter 9, Section 72, using contractual commitments with third parties.

10. Safeguarding Information

• Information Officer: Nico Pienaar (details below).

• POPIA policy, PAIA Manual, Privacy Policy, incident response plan in place.

• Risks assessed, IT systems secured, backups stored off-site.

• Employees sign contracts with POPIA compliance clauses.

11. Destruction of Records

• Paper: shredded beyond reconstruction.

• Electronic: securely deleted with IT services.

12. Employees and Agents of PEC

• Must treat personal information as confidential.

• Cannot disclose info unless necessary for duties or already public.

• Must follow POPIA conditions and obtain consent before processing.

13. Scope & Training

• Staff responsibilities outlined during induction.

• Ongoing training ensures compliance.

14. Policy Review

• Annual review by the Information Officer.

15. Information Officer Details

Information Officer

• Name: Nico Pienaar

• Tel: 012 846 3000

• Fax: 012 846 3028

• Postal: P.O. Box 73639, Lynnwood Ridge, 0040

• Physical: 128 Siersteen Street, Silvertondale, Pretoria

• Email: popia@pecgroup.co.za

Deputy Information Officer

• Name: Riëtte Delport

• Tel: 012 846 3000

• Fax: 012 846 3028

• Postal: P.O. Box 73639, Lynnwood Ridge, 0040

• Physical: 128 Siersteen Street, Silvertondale, Pretoria

• Email: popia@pecgroup.co.za

16. Forms Included

• Form 1: Personal Information Request Form

• Form 2: POPIA Complaint Form (complaints may also be lodged with the Information Regulator: Adv. Pansy Tlakula, SALU Building, Pretoria. Email: inforeg@justice.gov.za, Website: www.justice.gov.za/inforeg/index.html)