What's Happening?

Facebook Twitter Youtube Linkedin

NEED HELP? QUESTIONS@FIA.ORG.ZA

become A FIA member TODAY
member login

Private property

ARTICLE BY

  • Nerushka Bowan
  • Consultant/Head of Technology & Innovation
  • Norton Rose Fulbright

SHARE THIS POST

The Protection of Personal Information Act, 2013 (POPIA) has been in effect in South Africa since 1 July 2021. POPIA provides a framework for regulating the collection, processing, storage and sharing of personal information of individuals and juristic persons and its implementation heralded widespread changes in the insurance industry. Now, 18 months later, we can reflect on how the industry has adapted and look ahead to how it will continue to impact us in the future. 

Changes to the insurance industry

Since the implementation of POPIA, the insurance industry has undergone significant changes in the way it collects, uses, and stores personal information. Companies have had to invest in technology and personnel to ensure they comply with these new regulations, as well as mitigate against ongoing cyber threats. 

Companies have had to adapt to the new requirements of POPIA. They are now required to register with the Information Regulator and appoint an information officer, create privacy policies, review supplier contracts, conduct privacy impact assessments, and provide customers with increased transparency about how they use their data. Companies must also implement technical and organisational measures to secure personal information, such as encryption and access controls, and ensure the necessary compliance steps are taken when data is transferred to other countries.

In addition, companies must now notify customers in the event of a data breach and report the breach to the Information Regulator as soon as reasonably practicable. The Information Regulator is South Africa’s regulatory body mandated to monitor and enforce compliance by public and private bodies in terms of both the Promotion of Access to Information Act, 2000 (PAIA) and POPIA. This has led to increased awareness of data privacy among businesses, as well as the importance of investing in secure systems and implementing processes to protect personal information.

A number of insurers now offer cyber-related insurance products. With the exponential increase in cyber threats to businesses in South Africa, these products have become costly to procure. 

Customers in control

The implementation of POPIA has provided customers with greater control over their personal information. Customers now have the right to request access to their personal information held by companies, as well as the right to request that their personal information be corrected if it is inaccurate or deleted if it is no longer necessary. Customers also have the right to refuse to consent to the processing of their personal information for direct marketing purposes.

POPIA has also provided customers with greater transparency, as companies are now required to inform customers about the purpose for which their personal information will be used, who it will be shared with, and how long it will be kept. 

New Challenges

Despite the benefits of POPIA, there have been some new challenges that have emerged as a result of its implementation. One of the biggest challenges has been the limited resources and capacity of the Information Regulator to effectively enforce POPIA. This has led to a lack of consequences for non-compliance and a lack of deterrent for businesses that continue to violate these laws. 

Another challenge has been the lack of awareness among customers about their rights under POPIA. Many customers are not aware of the steps they can take to protect their personal information, or what to do in the event of a data breach. This has led to a lack of accountability among businesses and a lack of empowerment for customers.

There is also the ever growing threat of data breaches. With the increased focus on data privacy and cyber security, the likelihood of data breaches has also increased. This has resulted in increased pressure on organisations to prevent data breaches, to have proper breach response plans in place and to procure cyber insurance products. 

Implementing the new policies and procedures required by POPIA can be expensive, and some businesses may struggle to keep up with these costs. Some businesses received incorrect POPIA compliance advice, and will need to incur additional costs to redo their compliance exercises. 

What’s next? 

Overall, the implementation of POPIA has had a positive impact on the protection of personal information in South Africa and sets us on a level playing field with global data protection best practice. Businesses have had to adapt to the new requirements of POPIA, customers have greater control over their personal information, and there has been increased transparency in the use of personal information. However, there have been some new challenges that have emerged as a result of POPIA’s implementation, and it is important that these challenges be addressed in order to ensure the continued protection of personal information in South Africa.

The Regulator is on the road to increasing its resources and capacity and we should see the difference over the next 12 months. Despite these constraints, the Regulator has released several Guidance Notes to provide guidance on various aspects of POPIA. These Guidance Notes cover topics such as processing special personal information, personal information of children, personal information of voters by political parties, the obligations of information officers, applying for prior authorisation, exemptions from lawful processing conditions, developing codes of conduct, completing security compromise notification forms, and using PAIA. These Guidance Notes aim to assist responsible parties in complying with POPIA.

As customers’ awareness about the many rights they hold under POPIA increases, we will see an increase in the number of data subject access requests and access to information requests received by companies. Given that the protections under POPIA extend to juristic persons, we may also see these requests emanating from other businesses, in addition to individual customers. We are also likely to see an increase in data privacy related litigation in the coming months. 

Subscriber Terms and Conditions

  1. APPLICATION OF TERMS
    • These terms and conditions (“Subscriber Terms”) apply to the subscription by any qualifying member of the South African Underwriting Managers Association NPC (“SAUMA”) to the services and benefits offered by FIA Services (Pty) Ltd (“FIA Services”) under the SAUMA affiliation arrangement (“Subscription”).

  2. NATURE OF SUBSCRIPTION
    • A Subscription under this arrangement:
      • does not constitute membership of FIA NPC;
      • does not confer any voting rights or governance participation in FIA NPC; and
      • is governed solely by the contractual relationship between the Subscriber and FIA Services.

  1. ELIGIBILITY
    • To qualify for the Subscription, the applicant must, at the time of application, be a current paid-up member of SAUMA.
    • FIA Services will verify the applicant’s SAUMA membership status with SAUMA prior to activation, and may re-verify such status periodically.
    • If a Subscriber ceases to be a paid-up member of SAUMA, the Subscription will correspondingly be terminated.
    • Applicants are required to authorise FIA Services to confirm their SAUMA membership status with SAUMA as part of the application process.

  1. SERVICES
    • The Subscription entitles the Subscriber to the following benefits:
      • Complimentary access to the FIA CPD Platform;
      • Complimentary access to the FIA Insight Magazine (digital edition);
      • Advertising opportunities on FIA platforms at a discounted rate of 15% (fifteen percent) off the prevailing published rates; and
      • Invitations to attend FIA Technical Webinars annually.
    • FIA Services reserves the right to update, vary or substitute the Services from time to time, provided that the overall value and nature of the benefits remain materially the same.

  1. FEES AND PAYMENT
    • The monthly subscription fee is R260.00 (two hundred and sixty rand) for up to seven registered individuals (Key Individuals and Representatives), and R36.00 (thirty-six rand) per additional registered individual thereafter, excluding VAT.
    • The Subscriber shall provide FIA Services with the required details of each individual to be registered under the Subscription for the purposes of activation and billing.
    • All fees are exclusive of VAT, which shall be charged at the prevailing statutory rate.
    • Subscription fees are reviewed annually in March and may be adjusted with effect from 1 April.
    • Any changes to the Subscription, including but not limited to the number of Representatives and Key Individuals registered under the Subscription, may only be effected once annually during the annual review period in March of each year, with such changes taking effect from 1 April.
    • Subscription fees shall be billed monthly in arrears, unless the Subscriber elects an annual billing cycle at the time of application.
    • The Subscriber shall ensure that all billing information (including contact details, authorised signatories and bank account details) is kept accurate and up to date.
    • Non-payment of subscription fees may result in suspension of access to the Services until such fees are brought up to date.
    • The Subscriber acknowledges and agrees that all subscription fees payable under these Subscriber Terms may be collected by way of debit order, which shall be processed by the holding company, FIA NPC (The Financial Intermediary Association of South Africa), on behalf of FIA Services. Payment to FIA NPC shall be deemed to constitute valid and sufficient discharge of the Subscriber’s payment obligations to FIA Services under these Subscriber Terms.

  1. ONBOARDING
    • Onboarding will be conducted as a Subscription with FIA Services under the SAUMA affiliation arrangement.
    • Onboarding will not confer FIA NPC membership status or any associated rights.
    • Onboarding is conditional on confirmation of the Subscriber’s current SAUMA membership at the time of application

  1. DATA PROTECTION
    • FIA Services will process all personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) as set out in our POPIA policies.
    • By subscribing, the Subscriber authorises FIA Services to confirm their SAUMA membership status with SAUMA and to process personal information for the purposes of fulfilling the Subscription.

  1. TERMINATION
    • The Subscriber may terminate the Subscription by giving FIA Services one calendar month’s written notice.
    • FIA Services may terminate the Subscription on one calendar month’s written notice, or immediately if the Subscriber breaches these Subscriber Terms and fails to remedy such breach within 14 (fourteen) days of receiving written notice.
    • Termination of the SAUMA–FIA Services affiliation agreement shall not automatically terminate these Subscriber Terms.
    • Termination by the Subscriber shall not relieve the Subscriber of liability for any subscription fees accrued up to the effective date of termination.
    • FIA Services may suspend or terminate the Subscription with immediate effect in the event of non-payment of fees by the Subscriber.

  1. GENERAL
    • These Subscriber Terms are governed by the laws of the Republic of South Africa.
    • Any disputes arising under these Subscriber Terms shall be dealt with in accordance with the dispute resolution provisions contained in the FIA NPC membership terms and conditions, as modified to reflect that the contractual relationship is with FIA Services.
    • Any notices required under these Subscriber Terms may be validly delivered by email to the addresses provided in the Subscriber’s application form, and such notices shall be deemed received on the day of transmission if sent during business hours.
    • The Subscriber may not assign, cede or transfer any of its rights or obligations under these Subscriber Terms without the prior written consent of FIA Services.
    • No variation of these Subscriber Terms shall be of any force or effect unless reduced to writing and signed by both FIA Services and the Subscriber.