The Protection of Personal Information Act (POPIA)
INTRODUCTION TO POPIA
The Eskom Pension and Provident Fund (also known as the Fund or EPPF) as a responsible party processes enormous volumes of personal information, such as the employment or financial history of a member/pensioner, and/or personal information concerning a member’s health. The Fund also processes enormous quantities of personal information pertaining to beneficiaries (who are sometimes minors).
As a registered pension fund, we also have third party service providers (operators) who process personal information of data subjects on behalf of the Fund. The EPPF prioritises protecting this personal information to ensure that it does not end up in the wrong hands. It is our responsibility to ensure that we process personal information lawfully in accordance with the conditions for lawful processing in the Protection of Personal Information Act (POPIA).
The Protection of Personal Information Act (POPIA) was officially
implemented in the first half of 2018. The Eskom Pension and Provident
Fund (EPPF) is aligned with POPIA and getting their information
governance practices in line with the Act’s requirements. But what
difference will this make to the lives of EPPF active members and
According to the preamble of POPIA, it intends to:
promote the protection of personal information processed by public and private bodies.
provide for codes of conduct.
introduce certain conditions that will establish minimum requirements for the processing of personal information.
provide for the rights of persons regarding unsolicited
electronic communications and automated decision making, amongst
Your personal information is valuable and needs to be managed carefully. Know your rights, and protect your privacy.
Let’s look at some of the new rights created by POPIA:
The right to know what information is collected.
If the EPPF requests that you send through your Personal
information, for example when you complete a form for whatever
reason, send in your banking details or ID, the EPPF must tell you
what information about you is being collected and why. If the EPPF
is collecting your information from other sources, for instance if
you are going on pension some paperwork will come directly from
ESKOM, the EPPF must tell you from where they get the information.
They must also indicate what information is voluntary and what is
mandatory, and explain the consequences if you don’t provide the
The right to know who your information will be shared with.
When the EPPF receives your information you should be notified
about what is done with it. For instance, it must be indicated who
we share it with and if we will be sending it overseas.
The right to access to your information.
You have the right to request access to the personal information
in the possession of the EPPF. You may ask to confirm whether we
have your information, a description of what information we have
and the identity of any third parties who have had access to that
The right to request correction or deletion of information.
You may ask the EPPF to correct or delete inaccurate, irrelevant,
excessive, out of date or incomplete information. In some
circumstances, the EPPF can refuse such a request, but these are
limited and must be explained.
Please look out for further communication regarding fund-wide POPIA initiatives.