While some parts of the POPIA already came into effect in April of 2014, it became compulsory from 1 July 2021. This Act was implemented to ensure the safety of sensitive personal information, the protection of privacy and to make the entities collecting the data accountable for its safekeeping.
In short, managing consent to the info that is collected and stored, and it’s safe keeping, is at the heart of this law.
But what does that mean for media monitoring specifically? Let’s dive in:
Client data
Under the POPIA regulations,
the company may collect data without a person’s consent, but the information must be freely given by the entity (a person or an institution). This means that a client should be made aware that their information is being collected so they can decide if they want to provide that data to the media monitoring company.
What’s more, you need to ensure that there’s a record (paper trail) of this person indicating that they are giving their personal details
freely. This may be in the form of a tick box or clicking on a link that says ‘YES’.
So what are media monitoring companies complying with when it comes to their clients and the POPI Act?
First, by informing their client what data is being collected and stored. They also need to express what they intend to do with that information. For instance, indicating to a client that sensitive information is used to enable analysts to track certain keywords.
As a company that is processing data, they will also need to make sure that it is secure throughout the processing journey and that it is ethically used. This is almost like stamping “
Top secret — for your eyes only” on a folder and ensuring that only the required analysts and contact people have access to your files.
Monitored channels’ private information
Similar to processing client data, information about the monitored channels needs to be handled with the same ethical care, including storage, retention and disposal. However, when it comes to the specific data that is used, it gets tricky.
This is because you still need to check that you can use info such as contact numbers and addresses, but that is usually already available to the public on the websites of radio stations and publishers.
Although having that info isn’t violating an entity’s privacy, they still need to be informed that you are keeping them on your database. The same goes with the type of data you keep.
It needs to be clear to them why you are collecting it and how you will use it. This relates to newspapers, broadcast media and monitored websites on the Internet. Entities who consent to their data being used also need to be informed that they are within their right to withdraw consent at any point. This applies to clients too!
In the journey of processing information, there also needs to be a
clear record of how this is done. And when a piece of data reaches the end of this road, it needs to be disposed of. Nobody is allowed to keep info indefinitely. So, once it has served its purpose, it should be destroyed or deleted. That means that nobody should be able to bring it back — basically like shredding important documents and then burning the pieces.
Webpages that collect data about traffic
When you are browsing the Internet and you hop onto a website, chances are you have noticed the cookie notification. In some cases, cookies collect personal data — depending on the website that’s being accessed (and the browser you use).
Due to other legislation coming into play on a global scale, many websites are already complying with privacy protection. This means the websites of media monitoring services too.
When the POPI Act requirements are implemented on media monitoring companies’ websites, this means that they need to inform users that cookies are being used (
by notifying them about the collection of data) and they need to click “allow”. To ensure nobody misses it, the button needs to be clearly visible.
Additionally, under the Act, any establishment that collects data needs to collect it from the person or user directly — which is complied with already with the fall away of third-party cookies.
If you are ever unsure of the measures that have been put into place to protect your data, just ask.