POPIA Manual is a Privacy Policy

A POPIA manual is actually a privacy policy. Many organisations have compiled or published a POPIA Manual, and we often receive enquiries requesting that we draft one for clients or provide a POPIA Manual template. Some people incorrectly think that POPIA requires every organisation to have a manual, the same way that PAIA requires organisations to have a PAIA manual. The good news is that POPIA does not require you to have a manual – POPIA does probably mean that you need a privacy policy, but not a manual. You shouldn’t have one all-encompassing manual – they are two different subjects that need to be dealt with separately.

In our view, there is no such thing as a POPIA manual, and you don’t need one.

The good news is that the law does not require you to have a POPIA Manual, and we don’t believe there are good business reasons to have one. POPIA does not require your organisation to have a manual, the same way PAIA requires everybody to have one.

Does the law require a POPIA Manual?

POPIA does not require you to have a manual

When POPIA came into effect, it amended specific provisions of PAIA that relate to the PAIA manual. As a result, your PAIA manual must now include additional information related to the protection of personal information (or data privacy). For example, a description of the different categories of your data subjects and the reasons for processing personal information (your purposes). This information is typically found in a privacy policy. We don’t believe you should add this information to your PAIA Manual, but rather add it to your privacy policy. Your manual can then refer to your privacy policy.

Organisations all over the world publish privacy policies that contain this information. Readers and data subjects expect to find it there and not in a PAIA Manual (which is a purely South African requirement).

Put data privacy notices, disclosures and consents in a privacy policy, and not a manual

While the protection of personal information and access to information are two sides of the same coin, they are separate issues and should be addressed separately in different documents. For example, POPIA relates to personal information only, whilst PAIA relates to all records.

The name POPIA Manual uses an acronym, which isn’t plain language. Privacy policy is.

How we can help

We won’t draft a POPIA manual for you, but will will draft a PAIA one or a privacy policy for you. We’ll also review existing ones that you have and update them for you.

Where did the idea of a POPIA manual come from

The Information Regulator doesn’t talk about a POPIA Manual template, so where does the idea come from? There is no mention of it in the regulator’s portal. So, where does the concept come from? We’re not sure, but we think that someone drafting one thought it would be a good idea and it stuck with some people.

POPIA Manual is a Privacy Policy

Does the law require a POPIA Manual?

How we can help

Where did the idea of a POPIA manual come from

Share This Story, Choose Your Platform!

Related Posts

Katiba v Tools for Humanity and others | Biometric data

Nigeria fines Meta | Data breach penalty upheld

Proposed GDPR record-keeping exemption for SMEs

GDPR vs POPIA | Compare the GDPR with the POPI Act?

TikTok’s GDPR transfers – Understanding the €530M fine