Only law firms should be lead service providers when ensuring
you comply with POPI. Consultants, auditors, audit firms and even
information security or IT governance consultants cannot provide
the legal protection and privilege offered by law firms.
Powers to search and seize
The Information Regulator may obtain a search warrant, and enter
and search your offices and premises. The regulator's staff may
seize and remove whatever they regard as evidence. (section 82)
But your communications with your professional legal adviser are
exempt. (see definition and section 86) The regulator cannot search
or seize them. All your communications, including assessments, gap
analysis, audits and opinions should be part of the communications.
You will enjoy a huge advantage and avoid enormous risks.
An example of what could happen
Just imagine - a consultant assesses your compliance with POPI
and provides a gap analysis. There are bound to be many gaps
because at this stage it is highly unlikely that anyone complies
fully with POPI. The regulator believes you are not complying and
visits your offices with a search warrant and demands your gap
analysis. There is no better evidence to prove that you are not
complying with POPI and the regulator may fine you up to R10
Audit firms and other consultancies are not professional legal
advisers. Even though they may engage the services of professional
legal advisers , they themselves do not provide legal privilege and
protection under POPI. Only in very limited instances would
communications between you and those consultancies be protected
under legal privilege.
Professional legal advisers
You need us to help you to comply and implement POPI in your
organisation. We are professional legal advisers and provide you
with independent legal advice that is confidential, privileged and
protected. This is why we mark all communications to our clients
regards POPI as a communication between a professional legal
adviser and a client, which is privileged.
We do not suggest we have all the skills to implement POPI
practically and cost effectively. For your benefit we adopt a
multi-disciplinary approach and strong protected relationships
exist with other professionals (like strategic management
consultants, ICT management consultants, IT governance
professionals, information security specialists, and consultants).
Together we are able to offer you specific and often unique skills,
knowledge and experience.
We repeat that lawyers must be your main entry point, even if
they engage non lawyers as sub-contractors. You must ensure that
every communication goes through your lawyers.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The Nigerian Communications Commission (NCC) has concluded plans to introduce Lawful Interception (LI); a legally sanctioned official access to private communications, such as telephone calls or email messages
After 10 years of debate, South Africa’s President Jacob Zuma has finally signed South Africa’s first framework privacy bill into law, the Protection of Personal Information Bill.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).