Farmers have a responsibility to protect the personal information of their farmworkers, warns a foremost legal expert. This, after the implementation of the Protection of Personal Information Act (POPIA) on Thursday, 1 July 2021.
The act, also referred to as the Popi Act, compels agricultural enterprises to get their houses in order to avoid hefty fines of up to R10 million, says John Giles, director and managing attorney at Michalsons. This law firm specialises in POPIA which Giles describes as “a very complex law”.
Speaking to Food For Mzansi, Giles says essentially the act compels any organisation that processes personal information, to protect that information.
“This is to protect people from harm. In essence it doesn’t mean you can’t process information but if you are going to, then there are some conditions you need to comply with in order to do it law fully.”
In many cases, criminals use personal information to scam people and often it is the poorest of the poor who get scammed out of their last R100, Giles explains. This is often because people do not protect their personal information, enabling criminals to commit crimes against them.
“In a farming context, it’s often the farmer who needs to protect the personal information of the farmworker, so that it does not fall into the wrong hands,” he adds.
If POPIA had to be further applied to an agricultural context, it would mean that the act seeks to ensure that farmers, agripreneurs and farmworkers are not unfairly prejudiced or excluded from an economic market based on their personal information.
What kind of information?
According to Giles any and all information that identifies an individual must be guarded. Among others, it includes names, identity and telephone numbers, email addresses, bank account numbers.
Even broader than that, Giles explains that information such as person’s race, preferences and financial history should also be handled with the utmost care.
“Say a farmer goes to a bank for a loan, the bank then tells the farmer that their loan application has been declined because thanks to data and information received from different sources, they [the bank] know that the land the farmer [farms on] has a very poor yield because of,” Giles explains.
In this scenario, the farmer is the data subject and could be discriminated or prejudiced against, based on their personal information.
What farmers should know
Giles says it important to consider that the POPIA impact on an agricultural enterprise would be different based on the scale of the farm.
In terms of compliance, what a smallholder farmer needs to do is much less compared to what a commercial farmer needs to do.
“Farmers don’t process a lot of personal data. They’re not like banks or healthcare providers.
Therefore, farmers must ensure that they protect the personal data of their employees. When it comes to payslips, farmers must be sure that it lands in the hands of the right person, Giles emphasises.
What about WhatsApp, SMSes and emails?
Meanwhile, a lot of misinformation has been doing the rounds about POPIA and especially WhatsApp groups and email newsletters.
Giles says farmers need to know that if retailers are their market, then they have little to worry about. However, farmers engaging with consumers directly, must follow the rule of law.
“What the POPIA act is trying to stop, is really people being a nuisance and trying to sell their things.”
“There’s also different rules depending on whether someone is already a customer versus a prospect – someone you don’t know at all.”
The act allows for business owners to send SMSes, to existing customers on an opt-out basis.
“If you bought a cabbage from me before, I can WhatsApp, SMS or email you to say I’ve got more cabbages, would you like some? But I must let you opt out of that communication,” Giles explains.
Then, for prospective clients, farmers must first email, WhatsApp, or SMS the potential client asking for permission to start communicating with them about their products or services.
Once the prospective client agrees, the farmer must give the client an opportunity to opt out and time after that, Giles explains.
Non-compliance and consequences
Farmers and agribusiness owners, Giles explains, run the risk of being fined by the information regulator – up to R10 million. There are, however, certain minor offenses which are categorised as up to R1 million.
“The regulator could say that because you are smallscale farmer, they’ll only fine you R20 000,” Giles explains.
He stresses that it is very unlikely that non-compliance could result in jail time for farmers. Apart from a hefty fine, workers could potentially sue farmers if their personal information was not protected, leading to that farmworker falling victim to a money scam.
Giles says, “You’d want to protect any personal information that you process in order to protect people from harm. But really don’t let it stress you out. To a large extent it’s common sense.”