Privacy

avatar
Created by
Rajagopaul

Cards (71)

  • Edward Snowden (1983-): 'Former Central Intelligence Agency employee who copied and leaked classified information from the US National Security Agency in 2013 without prior authorisation'
  • What is covered in this chapter
  • What is covered in this chapter
    • Privacy and the Constitution
    • Privacy in employment
    • Legal consequence of unlawful invasion of privacy
    • The Protection of Personal Information Act
  • Why this chapter is important
  • Privacy
    The right to privacy is not absolute and may be limited to the extent that the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom
  • Limitation of the right to privacy
    Take into account all relevant factors, including the nature of the right, the importance of the purpose of the limitation, the nature and extent of the limitation, the relation between the limitation and its purpose, and whether there are less restrictive means to achieve the purpose
  • Privacy
    • The most comprehensive of rights and the most valued by civilized men
    • An individual condition of life characterized by seclusion from the public and publicity
  • Legitimate business reasons for employers to access employees' private information
    • Assessment of applicants for prospective employment
    • Investigation of misconduct justifying disciplinary action
    • Assessment of performance and investigation of capacity
    • Control of absenteeism and sick leave
    • Notification of contact people in cases of emergency
    • Tax purposes
  • Legal consequences of unlawful invasion of privacy include compensatory and delictual damages
  • Common-law protection of privacy
    The right to decide when and under what conditions private affairs may be made public
  • Crimen injuria
    The wrongful, intentional and serious violation of the dignity or privacy of another
  • Promotion of Access to Information Act

    Allows access to information held by the State or private bodies, provided there are no grounds for refusal
  • Categories of protected information under the Promotion of Access to Information Act
    • Personal information about a third party
    • Records of the South African Revenue Service
    • Trade secrets
    • Financial, commercial, scientific or technical information
    • Information supplied in confidence
    • Information that could endanger life or safety
    • Law enforcement and legal proceedings records
    • Defence, security and international relations information
    • Economic interests and financial welfare information
    • Commercial activities of public bodies
    • Research information
    • Information pertaining to the operations of public bodies
    • Medical information held by a health practitioner
  • Information should be disclosed if there is a substantial failure to comply with the law, or an imminent and serious public safety or environmental risk, and the public interest clearly outweighs the harm
  • For private bodies, the information must be 'reasonably required' for the exercise or protection of a right
  • Private bodies must grant access to records if the person requesting the information complies with the provisions of the Act
  • Information that must be included in a private body's manual
    • Full name, addresses and contact details of the head of the private body
    • Description of the guide published by the Human Rights Commission
    • Categories of information readily available to the public
    • Manner in which a formal request for information should be made
  • A private body must grant access to a record if the person requesting the information complies with the provisions of the Act
  • To facilitate access to records held by public and private bodies, the Act requires that the procedures to obtain those records must be in writing and made available to the public
  • All private bodies must compile a manual containing a description of all the documentary information held by it
  • The manual must contain the following information
    • The full name, physical and postal addresses and contact details of the head of the private body
    • A description of the guide to be published by the Human Rights Commission in terms of section 10 of the Act
    • Categories of information readily available to the public from the private body without making a formal request for information
    • The manner in which a formal request for information should be lodged with the private body
    • The identity and contact details of any person duly authorised by the head of the private body to assist with or facilitate requests for information
    • The categories of information held by the private body, including the subjects on which the private body holds such information, which may be obtained only by means of a formal request for information
  • The manual may include additional information to assist members of the public when making a request to a private body for information
  • This additional information may include
    • The right of a requestor to appeal refusals by the head of a private body to grant a request for information
    • The manner in which information is to be provided by a private body and the time periods within which the information is to be made available
    • The grounds on which information may be refused
    • The rights of third parties regarding information that may concern those third parties
  • Care should be taken to compile the manual in a manner that will promote access to information, rather than frustrating it
  • Information Officer
    The person responsible for protecting information within an organisation, and held accountable for any misuse of the data held
  • The Information Officer is the point of contact between the organisation and the Regulator
  • The Information Officer must provide education for employees on compliance requirements and training for staff responsible for processing personal information
  • The Information Officer must conduct regular security audits and make recommendations to improve compliance with the Act and best practice
  • An Information Officer who fails to adequately perform their duties may be held personally liable, with a fine of up to R3 000 per infringement
  • Indirect communication
    The transfer of information by a telecommunication system or a postal service, including speech, music or other sounds, data, text, visual images, signals or radio frequency spectrum
  • Direct communication

    Oral communication between two or more persons which occurs in the immediate presence of all the persons participating in that communication, or an utterance by a person participating in an indirect communication that is audible to another person participating in that indirect communication
  • No person may intentionally intercept any 'communication' in the course of its occurrence or transmission, anywhere in South Africa
  • Anyone guilty of breaching the Regulation of Interception of Communications and Provision of Communication-related Information Act may face a fine of up to R2 million or up to ten years' imprisonment
  • An employer may lawfully monitor, examine and otherwise intercept employees' telephone conversations, emails, faxes and other forms of indirect communication, in the course of the carrying on of its business
  • Conditions for an employer to lawfully intercept employees' indirect communications
    • The communication is the means through which a transaction is entered into in the course of that business
    • The communication is intercepted for a legitimate purpose, e.g. to investigate or detect the unauthorised use of the employer's telecommunication system
    • The communication is intercepted over a telecommunication system that is provided for use in connection with the business of the employer
    • The system controller has made all reasonable efforts to inform all individuals using the telecommunication system in advance that indirect communications transmitted through it may be intercepted, and the system controller has intercepted the communication personally
  • Face-to-face discussions and other forms of direct communication cannot lawfully be monitored on the basis of the business exception
  • The business exception will not apply once an e-mail or other message or download arrives at its destination, since the Interception Act makes it clear that interception must occur during the course of transmission
  • Where a company's computer systems is used as a business tool, an employer is entitled to monitor that such a tool is used for its benefit and is not abused
  • Even where monitoring has been in contravention of a statute, the employer has been able to rely on such evidence to justify the dismissal of employees engaged in the abuse of the employer's computer system
  • The Electronic Communications and Transactions Act protects personal information by providing a set of principles to which data controllers may voluntarily subscribe