Only law firms should be lead service providers when ensuring you comply with POPI. Consultants, auditors, audit firms and even information security or IT governance consultants cannot provide the legal protection and privilege offered by law firms.
Powers to search and seize
The Information Regulator may obtain a search warrant, and enter and search your offices and premises. The regulator's staff may seize and remove whatever they regard as evidence. (section 82)
But your communications with your professional legal adviser are exempt. (see definition and section 86) The regulator cannot search or seize them. All your communications, including assessments, gap analysis, audits and opinions should be part of the communications. You will enjoy a huge advantage and avoid enormous risks.
An example of what could happen
Just imagine - a consultant assesses your compliance with POPI and provides a gap analysis. There are bound to be many gaps because at this stage it is highly unlikely that anyone complies fully with POPI. The regulator believes you are not complying and visits your offices with a search warrant and demands your gap analysis. There is no better evidence to prove that you are not complying with POPI and the regulator may fine you up to R10 million.
Audit firms and other consultancies are not professional legal advisers. Even though they may engage the services of professional legal advisers , they themselves do not provide legal privilege and protection under POPI. Only in very limited instances would communications between you and those consultancies be protected under legal privilege.
Professional legal advisers
You need us to help you to comply and implement POPI in your organisation. We are professional legal advisers and provide you with independent legal advice that is confidential, privileged and protected. This is why we mark all communications to our clients regards POPI as a communication between a professional legal adviser and a client, which is privileged.
We do not suggest we have all the skills to implement POPI practically and cost effectively. For your benefit we adopt a multi-disciplinary approach and strong protected relationships exist with other professionals (like strategic management consultants, ICT management consultants, IT governance professionals, information security specialists, and consultants). Together we are able to offer you specific and often unique skills, knowledge and experience.
We repeat that lawyers must be your main entry point, even if they engage non lawyers as sub-contractors. You must ensure that every communication goes through your lawyers.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.