The Protection of Personal Information Act (POPIA)


The Eskom Pension and Provident Fund (also known as the Fund or EPPF) as a responsible party processes enormous volumes of personal information, such as the employment or financial history of a member/pensioner, and/or personal information concerning a member’s health. The Fund also processes enormous quantities of personal information pertaining to beneficiaries (who are sometimes minors). 

As a registered pension fund, we also have third party service providers (operators) who process personal information of data subjects on behalf of the Fund. The EPPF prioritises protecting this personal information to ensure that it does not end up in the wrong hands. It is our responsibility to ensure that we process personal information lawfully in accordance with the conditions for lawful processing in the Protection of Personal Information Act (POPIA).

The Protection of Personal Information Act (POPIA) was officially implemented in the first half of 2018. The Eskom Pension and Provident Fund (EPPF) is aligned with POPIA and getting their information governance practices in line with the Act’s requirements. But what difference will this make to the lives of EPPF active members and pensioners?

According to the preamble of POPIA, it intends to:

  • promote the protection of personal information processed by public and private bodies.
  • provide for codes of conduct.
  • introduce certain conditions that will establish minimum requirements for the processing of personal information.
  • provide for the rights of persons regarding unsolicited electronic communications and automated decision making, amongst others.

Your personal information is valuable and needs to be managed carefully. Know your rights, and protect your privacy.

Let’s look at some of the new rights created by POPIA:

  1. The right to know what information is collected. If the EPPF requests that you send through your Personal information, for example when you complete a form for whatever reason, send in your banking details or ID, the EPPF must tell you what information about you is being collected and why. If the EPPF is collecting your information from other sources, for instance if you are going on pension some paperwork will come directly from ESKOM, the EPPF must tell you from where they get the information. They must also indicate what information is voluntary and what is mandatory, and explain the consequences if you don’t provide the information.
  2. The right to know who your information will be shared with. When the EPPF receives your information you should be notified about what is done with it. For instance, it must be indicated who we share it with and if we will be sending it overseas.
  3. The right to access to your information. You have the right to request access to the personal information in the possession of the EPPF. You may ask to confirm whether we have your information, a description of what information we have and the identity of any third parties who have had access to that information.
  4. The right to request correction or deletion of information. You may ask the EPPF to correct or delete inaccurate, irrelevant, excessive, out of date or incomplete information. In some circumstances, the EPPF can refuse such a request, but these are limited and must be explained.

Please look out for further communication regarding fund-wide POPIA initiatives.