The purpose of this policy is to establish guidelines for the handling, protection, and disclosure of confidential information to ensure it remains secure and private.
The purpose of this policy is to establish guidelines for the handling, protection, and disclosure of confidential information to ensure it remains secure and private.
For the purposes of this guideline and School policy implementation, School and Confidential Material (“information”) will mean any documentation, records or data, whether in paper or electronic format, relating to the School’s operations and its business, and the affairs of its Employees, Learners, Parents, Suppliers, Advisors, Service Providers, Clients, Associates or any other third parties with any dealings with the School.
The Protection of Personal Information Act (POPI) was signed into law on 19 November 2013 and published in the Government Gazette on 26 November 2013. The POPI Act:
The main purpose of POPI is to:
What does this mean for schools?
The scope of POPI includes schools as entities that handle personal information for administrative purposes. The standards set in POPI for the protection of personal information will significantly impact upon the collection, handling and disposal of data in schools. In order to comply with POPI, schools will need to:
What will happen if you do not comply with POPI?
Schools that do not comply with POPI may be liable to pay a penalty of up to R10 million. In their individual capacity, responsible personnel (Principal / Head) who breach POPI, may be liable for a fine and/or imprisonment for up to 12 months.
What conditions does POPI impose on schools to keep the personal information safe and secure?
POPI requires schools to:
Definitions
What is ‘personal information’?
Personal information is broadly defined in POPI as meaning information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, including, but not limited to:
What is ‘processing’ of personal information?
Processing refers to any act that can be performed when handling personal information. POPI defines processing to include collecting, recording, organising, updating, storing, distributing, destroying or deleting personal information.
In order to protect the School from unlawful access, disclosure or use of its confidential information or intellectual property, for any unauthorised purpose or to its disadvantage or for the purpose of unfair competition, the School will
expect all its employees to undertake in favour of the School that
Further to the requirements set out above, employees may not during their service with the School, for their own benefit or for the benefit of any other person or party or organisation:
Employees who are employed in senior or key positions by the School may be contracted on the basis of further confidentiality and non-disclosure provisions being imposed upon them in terms of their contract of employment.
Campus 1
Tel: +27 (0)21 982 8507
Campus 2
Tel: +27 (0)21 906 1969