A large proportion of an organisations’ IP typically resides in email. Email is also the main mechanism for a host of cyber-attacks, including malware, phishing and social engineering.
POPIA compliance and data protection in relation to the use of emails, relate to technology as well as how the system is used.
On the one hand it is crucial to ensure email data security and data leak prevention solutions are put into place.
In addition, users (such as employees) should be educated in terms of meeting POPIA requirements when they send, forward or reply to emails; and also how they react upon receiving them.
Developing a compliant email strategy requires an organisation to firstly identify and map the process of email data flow as well as the various components. Then, it needs to demonstrate that this data is protected and controlled and that the organisation is aware of all of the data touch points and storage points and who has access to it.
People / Users
When will an employer be exempt from having to pay severance pay to a retrenched employee?
It is trite law that an employee may forfeit his/her claim to severance pay if he/she unreasonably refuses an offer of alternative employment in an attempt by the employer to avoid his /her retrenchment (section 41 of the BCEA). This provision incentivises an employer to provide alternative employment, but it also aims to limit job losses as a result of retrenchment processes.
But who decides when it is a reasonable alternative offer, or an unreasonable refusal of the offer by the employee?
The Labour Appeal Court considered this in a recent case where the affected employee (57) who worked in the employer's Port Elizabeth office where retrenchments were contemplated, had been offered an alternative position in the East London office. The employee refused the offer without providing any reasons.
The employer than revised the offer by increasing the...
The High Court recently considered this question in an application for an interdict against an ex-employee who was alleged to have breached the provisions of the restraint clause in her contract of employment.
The court made reference to the following test for determining the reasonableness of a restraint provision:
1. Is there an interest of the one party, which is deserving of protection at the termination of the agreement?
2. Is such interest being prejudiced by the other party?
3. If so, does such interest so weigh up qualitatively and quantitatively against the interest of the latter party that the latter should not be economically inactive and unproductive?
4. Is there another facet of public policy having nothing to do with the relationship between the parties but which requires that the restraint should either be maintained or rejected?
5. Does the restraint provision go further than is necessary to protect the applicant’s interests?
Protectable interest and prejudice...
POPIA compliance is complicated. It is not something that can quickly be tackled and completed within a week, or even a few weeks prior to the compliance deadline of 1 July 2021. Such a thing as a 'POPI file' filled with templates and completed checklists sitting on a shelf or in folder, ready for a random inspection, will not cut it. Neither will a generic 'POPI Manual' or policy that you buy from a service provider. If you want to achieve actual compliance that will withstand court challenges, prosecutions, complaints and regulatory investigations, it will require a great deal more.
While we are all too aware that POPIA may be the last thing on people's minds when they are struggling with sheer survival in the midst of the Covid-19 environment, we do believe that there is room for awareness and education on the topic, and a slow 'easing in' for organisations and individuals to become familiar with a POPIA-compliant landscape.
Uncertainty. The new normal. VUCA (volatility, uncertainty, complexity, and ambiguity).
All of these are buzz words floating around in the current global Covid-19 environment. And the main question on everyone's lips is: "how long"?
How long before ...... we return to how things were, to my comfort zone, to the way I am used to doing things, to safety, to financial stability, to LIFE! Well, how long is a piece of string?
We have daily discussions with business owners and managers who are desperate to find some measure of certainty and to be able to give direction and guidance to their staff. They feel the responsibility of leadership weighing heavily on them - they understand all too well the emotions and financial strain that their employees are going through, yet they have to make the tough decisions to try and ensure the survival of their organisation, business or school. The usual planning models and financial projections have just about become irrelevant while we do...
Most of the remaining provisions of the Protection of Personal Information Act have come into operation on 1 July 2020.
That means that the start of the anticipated 12 month transition period is 1 July 2020 and that the effective date for enforcement (the date by which organisations must be compliant) will be 30 June 2021. Although there will be no sanctions for non-compliance until that time, organisations must work towards compliance as soon as possible - and there is a lot to do.
It is expected that there will be further communications covering practical implications such as the registering of Information Officers.
POPIA applies to all local and foreign organisations processing personal information in South Africa. The Act will impact on technology, policies, procedures and compliance frameworks across the business - including in ICT, HR and marketing.
What is POPIA?
POPIA is the South African version of the European...
[Updates: DoH published Guidelines on Vulnerable Workers - 25 May 2020; Health and Safety Directive - 4 June 2020]
The phased-in lifting of the lockdown in South Africa means that employers have started to open up their businesses again. There are, however, measures the employer must put in place prior to the return of employees to the workplace. One of the requirements is that ‘special measures’ must be implemented for employees over the age of 60 years and those with health issues or comorbidities.
There have been a lot of questions about how employers should handle employees who are regarded as such ‘vulnerable workers’ for the purposes of Covid-19 back-to-work measures. In particular, there is a misconception that such employees may not return to the physical workplace, and some believe that such employees would be entitled to (paid) ‘special leave’ if they fall into this category. It is not quite as simple as that.
The question was bound to come up: on what basis can South African employers include or exclude staff when reopening business and starting (partial or phased-in) operations?
Can staff who use public transport to get to work be legitimately regarded as posing or being subjected to a greater health risk than their colleagues who might have their own transport - and be excluded from call-backs on that basis?
On the face of it, it might seem like a simple enough question with only health concerns in mind. However, there is great potential for decisions that are arbitrary, subjective and based on assumptions that might not be able to be objectively substantiated. Taking decisions about the presumed health vulnerability of employees without relevant medical information, is equally risky. Any selection or differential treatment will have to be defensible in terms of solid scientific facts or a neutral operational rationale - since this situation can very...