Are you concerned that you may have committed one of the POPIA offences that may attract one of the penalties or POPIA administrative fines? POPIA deals with these issues but it is very hard to quickly find out what the POPIA offences are and what you are liable for if you commit one of them. The POPIA penalties section is a good example of poor legal drafting where there are so many cross-references, the text loses its meaning.

You need to know when you might have to pay a fine or go to jail.

No one wants to pay a fine or go to jail so this is important information. In this article, we set it out in plain language so that you can try to ensure that you don’t commit one of the POPIA offences. We help the members of our data protection programme avoid fines by authorities and resolve disputes with the information regulator. We also have a module on the risks of non-compliance in which we go into more detail.

Serious POPIA offences and their penalties

You can be liable for a fine up to R10 million or 10 years in jail. Remember that “or” includes “and” and so you could face both penalties. You commit a serious POPIA offence if you:

  1. Obstruct the regulator (section 100)
  2. Fail to comply with an enforcement notice (section 103(1))
  3. Give false evidence before the regulator under oath (section 104(2))
  4. Fail to comply with the conditions when processing account numbers (section 105(1))
  5. Knowingly or recklessly obtain or disclose an account number (section 106(1))
  6. Sell (or offer to sell) an account number (section 106(3) and (4))

You’ll know when you do one of the first three so they are not as risky. But Note the last three that all relate to account numbers. They deserve your attention and are probably the offences you are most likely to commit. We can help you to avoid committing these offences.

Key insight: Focus on account numbers to avoid penalities.

Minor POPIA offences and their penalties

You can be liable for a fine up to R1 million or 1 year in jail. You commit a minor POPIA offence if you:

  1. Fail to get prior authorisation from the regulator if you need to (section 59)
  2. If a person acting for (or under the direction of) the regulator does not keep personal information confidential (section 101)
  3. Obstruct a person executing a warrant or fail to give assistance to the person (section 102)
  4. Make a statement knowing it to be false (or recklessly) (section 103(2))
  5. Fail to give evidence when summonsed to do so by the regulator (section 104(1))

You’ll know when you do one of these things so they are not as risky.

POPIA administrative fines

If someone alleges that you have committed one of the POPIA offences, the regulator can send you an infringement notice specifying the fine you must pay, which can be up to R10 million. This limit is actually quite low compared with other jurisdictions, like the EU.

Will anyone go to jail for a POPIA offence?

We honestly don’t think that the regulator will put people in jail. As far as we are aware, there is nobody in jail for these types of crimes. Yes, they are technically possible, but the chances are very low. It’s much more likely that the regulator will issue a fine. So in our opinion, jail time is a very low risk to information officers.

In our view, it is unlikely that anyone will go to jail.

The sections in POPIA that deal with POPIA offences and penalties

Chapter 11 of POPIA deals with these issues. Section 107 specifically deals with the POPIA offences.