The Protection of Personal Information (PoPI) Act 2013 and its impact on your organisations Terms and Conditions

The Protection of Personal Information (PoPI) Act 2013 and its impact on your organisations Terms and Conditions

For anyone who is not familiar with the PoPI Act and what it entails, here is a brief summary along with some guidelines on how your business will need to comply.

Firstly some background, the PoPI Act sets out the conditions on how you can legally process a ‘data subject’s’ (persons) personal information.  The Act provides for the protection of personal information, through the processing of personal information by public and private bodies in a manner that recognises an individuals’ right to privacy.

The PoPI Act does not prohibit you from processing or require you to obtain permission from a person to process their personal information.  If you are going to process, use or facilitate someone’s personal information however, it is up to you to comply with the conditions set out in the Act.

The Act sets out and individuals’ right to know:

  • What is done with your information
  • How your information is processed or shared
  • Who receives your information or with whom it is shared
  • What type of information is processed and shared; and
  • Why your information is processed or shared

The conditions of these rights are as follows:

  • Accountability
  • Processing limitation
  • Purpose specification
  • Further processing limitation
  • Information quality
  • Openness
  • Security safeguards
  • Data subject participation

The Act applies to anyone who keeps any database or type of record relating to a persons’ personal information.  The Act regulates the processing or sharing of personal information and includes those records already in your possession.

We are all familiar with those painful, unsolicited text messages and phone calls offering you a ‘can’t-be-missed’ opportunity to join a time-share offer or take up a mobile phone contract with an out-of-this-world free data package included.

Apart from the intrusion and inconvenience we often find ourselves wondering where on earth these institutions got our information and who granted them permission to approach us.

The PoPI Act has altered how consent is regarded for direct marketing purposes and is regulated through an ‘opt-in’ or ‘out’ mechanism for consumers.

This means that the processing of a persons’ personal information for the purpose of direct marketing by any means of electronic communication is prohibited unless that person has specifically consented to the processing, or is a customer of the party conducting the marketing.

It is helpful to note that a responsible party may approach a person (who has not previously withheld consent) only once to request consent for the processing of their personal information for direct marketing purposes.  The consent must be obtained in the prescribed manner.

Compliance with the PoPI Act will impact your organisation’s processes, technology and the manner in which employee’s process personal information.

It is advisable that organisations follow the following steps in order to comply with the Act.

  • Raise awareness of the PoPI Act with all data management professionals in your organisation
  • Review the rules governing data requests
  • Implement security controls to protect personal information
  • Adopt a compliance culture to instil the importance of the Act
  • Align your policies, processes and procedures to the Act
  • Include POPI Act compliance in the key performance areas and contracts of those who handle the data.
  • Ensure all governance documents complement each other when relating to the Act

It is imperative that you and your organisation include all terms and conditions related to the use of a person’s personal information in your standard terms and conditions.

This could be set out in a separate Annexure to your standard terms and conditions or attached as your Personal Information Protection Policy which will be required to be signed by both parties.

This could also be in the form of a consent form attached to your contract, agreement or terms and conditions.  How you incorporate this is up to you but it must be incorporated to ensure your business complies.

Small Business Owners: Don’t Overlook Your New Compliance Requirements!

Small Business Owners: Don’t Overlook Your New Compliance Requirements!

Compliance requirements for businesses are becoming more onerous.

Small businesses in particular increasingly have to perform a balancing act between optimising their limited resources on the one hand and weighing up the consequences of non-compliance on the other.

Now we are faced with new accounting reporting standards – standards you should both know about and prepare for. We’ll focus on one particularly important one, the “Revenue from Contracts with Customers” requirement.

Another crucial development is a recent CIPC warning about non-compliance with disclosure requirements relating to remuneration of directors and prescribed officers.

Small business has limited resources and optimising these resources is a balancing act. Part of this balancing act includes the role of compliance.

These requirements have increased as new laws are rolled out along with other regulations, such as BEE and FICA, which also need to be considered.

One needs to carefully weigh up the consequences of not complying with laws or regulations. It is no excuse to say “I was not aware of that requirement” – the onus is on the business to take the time to understand what it needs to know.

Be aware that new standards have become effective in 2019.

The most important of these is “Revenue from Contracts with Customers”. This could be depending on your business, fundamentally alter the way your company recognises revenue (such as construction and telecommunication industries) and even if it does not, disclosure requirements in the notes to your Annual Financial Statements (AFS) may change.

These notes will have knock-on effects, for example, to bonus schemes tied to sales which may need to be altered. This will affect how you disclose remuneration in the AFS and could in turn impact how much additional tax your staff need to pay. In turn, this will change your PAYE (Pay as You Earn) and will roll through to the EMP 201 and EMP 501 (monthly and annual earnings declarations to SARS).

This is only one of several new standards, so speak to us to assess the effect on your business.

Banks and other financial institutions rely on your AFS to determine the health of your business. Not complying with these standards could result in an audit qualification, in turn resulting in a negative perception of your business by key stakeholders.

Companies: What is an Alternate Director? A Curious Role…

Companies: What is an Alternate Director? A Curious Role…

Inevitably, there will be times when one or more of a company’s directors are absent and have to miss board meetings – perhaps through illness, frequent travel, taking of leave etc.

But the company’s operations must continue regardless, and to provide for those situations the Companies Act provides for the appointment of an “alternative director” to fill in for a particular director when need be.

Such an alternate director is included in the Act’s definition of “director” and that means a host of consequences for both the company and the appointee.

Read on for some thoughts on the roles, duties and risks that an alternate director takes on in accepting such an appointment…

Situations can arise where a director becomes ill and takes a leave of absence or travels frequently and has to miss board meetings.

The Companies Act provides for the business to appoint an alternate director to fill in for the absent director.

Roles, duties and risks of the alternate director

The Companies Act includes an alternate director in its definition of a “director”.

Thus, an alternate director is elected in the same manner as a director and when stepping in for the director, the alternate has the full powers of a director i.e. he or she participates and votes as a director in meetings and/or when resolutions are passed.

The alternate director also has to act in the best interests of the company, independently, with due care and skill, fully apprise himself/herself of the issues to be decided on and not have (or declare) any conflicts of interest.

The liabilities incurred by directors fully apply to alternate directors and as the alternate plays a more limited role than a director, there is a strong case to be made for alternate directors being indemnified by insurance cover.

In the event of being sued, the insurance will be paid out as long as the alternate director acts as set out in the above paragraph.

The alternate director should also motivate for the company to pay any legal costs incurred as a result of being sued.

When the director for whom the alternate director stands in for resigns, dies or is removed from office, the alternate director position ceases.

Whilst one can see the necessity of the role of the alternate director, it is nevertheless a curious role.

In a sense, it is similar to a political vice president who needs to be ready at any time to fulfil the role of the president.

Thus, an alternate director needs to be fully up to date in the affairs of the company and to step in whenever the director is absent.

Employers – Need Reducing Staff Conflict with Employee Rights?

Employers – Need Reducing Staff Conflict with Employee Rights?

The Companies Act gives directors wide powers to manage the organisation – the Act states “The business and affairs of a company must be managed by or under the direction of its board”. In a recent case, a furniture company ran into economic difficulties and resolved that it needed to cut costs by reducing staff in its stores.

The company then issued a Section 189(3) Notice to the main union of employees – this is a Labour Relations Act stipulation that employees be notified when the company, for operational requirements, considers reducing staff numbers.

The Labour Relations Act states there must be consultation between management and employees and “the employer and the other consulting parties must, in the consultation envisaged …, engage in a meaningful joint consensus-seeking process and attempt to reach consensus on – (a) appropriate measures – (i) to avoid the dismissals; (ii) to minimise the number of dismissals; (iii) to change the timing of the dismissals; and (iv) to mitigate the adverse effects of the dismissals”.

Accordingly, the company began an intensive process of meetings with the union – four meetings were held, the information asked for by the union was given and the company considered all union proposals, including one that actually reduced the number of staff retrenched.

The union’s reaction

One of the documents forwarded to the union was the resolution to reduce staff. The resolution read “…as a result of the ongoing poor economic trading conditions, …the Group must further reduce store staff numbers through operational requirements to reduce operational costs.”  

The union read this as the company already has made the decision to retrench staff and that it was merely going through the motions of consulting with employees. 

What the Labour Appeal Court said

The Labour Court’s judgment was in favour of the company and this was appealed. Again, the Labour Appeal Court found in favour of the company.

A company, it held, is fully entitled to “…to form a prima facie view on retrenchments, even a firm one, provided it demonstrates and keeps an open mind in the subsequent process of consultation.”

The steps the company took in terms of meetings, considering union proposals and supplying the information the union asked for demonstrates that management fulfilled its obligations to take part in a “joint consensus-seeking process”.

This judgement gives a degree of certainty when approaching retrenchments – act in good faith as per the law and you stack the odds in your favour of getting affirmation from the Courts. It also highlights the fact that there need be no conflict between directors acting in the best interests of the company and Labour law.

The CIPC Is Taking On Wrongdoing by Directors – A R4.3bn Example

The CIPC Is Taking On Wrongdoing by Directors – A R4.3bn Example

The Companies and Intellectual Property Commission (CIPC) has often been viewed as just an administrator and recorder of decisions made by companies.

In February however, the CIPC issued a Compliance Notice to the Public Investment Corporation (PIC) instructing it to recover an R4.3 billion investment in AYO Technology Solutions.

What is going on and what is a Compliance Notice?

The CIPC does have widespread powers, including issuing of subpoenas, and if it feels that on “reasonable grounds” the Companies Act (the Act) has been breached or someone has benefited from a contravention of the Act, then it may issue a Compliance Notice instructing relevant person(s) that the action taken by the relevant company:

• Be stopped
• Be reversed
• That the assets of the company be restored to their value prior to the action being taken.

Should the steps required by the Compliance Notice not be taken, the CIPC can apply to the Courts for an administrative penalty to be levied or may refer the matter to the prosecuting authorities.

Someone who has received a Compliance Notice may appeal to the Courts for the Notice to be set aside.

In the PIC case, the CIPC maintained that the R4.3 billion investment was done at a very inflated valuation of AYO (the market price since the investment has been 50% below the valuation). It was alleged in the PIC hearings that the PIC did very little due diligence when making the investment. Accordingly, the directors of the PIC are accused of harming the company (a contravention of the Act).

The High Court has set aside the Compliance Notice, but tellingly the PIC have also instituted a legal process to recover the R4.3 billion investment in AYO.

The implications for all directors

This action by the CIPC has set a precedent and directors need to be aware that they could potentially face a Compliance Notice if they do not take their fiduciary duties as directors seriously. It should be noted that in recent years the CIPC has been diligent in going after delinquent directors.

Make Sure You Have a Shareholders’ Agreement

Make Sure You Have a Shareholders’ Agreement

A well-known attorney recently said he is constantly surprised by the number of shareholder disputes that could be quickly resolved if there was a shareholder agreement.

The importance of shareholder agreements

Human nature is fickle and a few years after starting a company on a handshake, things can quickly unravel. That’s why shareholders should apply their minds upfront to defining the key characteristics in their relationship with fellow shareholders.

For example, if a shareholder wants to sell out after a dispute and wants a friend to acquire his shareholding, this can create many obstacles:

  • What if the other shareholders want to acquire the equity?
  • Who sets the price of the shares?
  • What happens to the current shareholder’s loan account?
  • The remaining shareholders may want a different shareholder.

The chances are, in this example, that the shareholders will have to turn to the courts to resolve the situation.

A shareholder agreement should contain… 

The major points are:

Firstly, the roles and responsibilities of the shareholders, such as do they actively participate in the business or appoint directors.

Secondly, if one of the shareholders does want to exit or if an offer is made for the company, there should be clear processes as to how to execute this:

  • How the shares are valued (normally by independent accountants).
  • Whether existing shareholders get first option to buy the shares and how to allocate the shareholding if more than one shareholder wants to buy the equity.
  • The time frames for all this to happen.

Thirdly, how to resolve shareholder disputes. Usually some arbitration and dispute resolution mechanisms are built in.

Fourthly, what mix of shareholder money and debt to use in the business?

There are obviously many aspects to the agreement, and the nature of the business and the relationships of the shareholders (e.g. do they know each other well?) will determine what else should be included in the agreement.

Don’t forget the Memorandum of Incorporation (MOI) and the Companies Act

In terms of the “new” Companies Act, the shareholders’ agreement cannot conflict with the Act or the MOI. If any clauses in the shareholders’ agreement are not consistent with the Act or the MOI, they are null and void.

For example, if the shareholders want to restrict directors in incurring company debt, the Companies Act requires that this be stipulated in the MOI. This could thus lead to an expensive error as failure to insert this clause in the MOI will effectively mean that directors can borrow at their own discretion.

Take good advice when drawing up your agreement.

Bottom line: Protect yourself and draw up a shareholders’ agreement – one day you will need it. When that day comes you will be very relieved to have taken the time in agreeing fundamental principles with your fellow shareholders.

Considering getting a Shareholders’ Agreement drawn up or updating the current one, contact our Corporate Law Specialist to assist you.

NOTE FOR ACCOUNTANTS: The Companies Act, Act 71 of 2008 can be downloaded from the University of Pretoria’s “Laws of South Africa” webpage.

Additional Reading: There are many excellent articles, such as “The Perils of Shareholders Agreements in South Africa” on Clinton Pavlovic’s website.