Abstract
Protection of personal information and access to universities' records requires the establishment of a records management division to handle personal information. Yet little attention has been focused on the roles and responsibilities of records management professionals, who enable the management of personal information. The purpose of this chapter is to assess and compare the current state of the implementation of the Protection of Personal Information Act No 4 of 2013 in two South African universities, namely the University of Venda and the University of Witwatersrand. The chapter used a qualitative research approach. Secondary data were derived from a literature search and primary data from interviews. Despite the enactment of the act, privacy breaches continued to increase due to the ineffective records management division dedicated to the management of personal information. Universities are to strengthen their internal process on personal information to comply with the General Data Protection Regulations (GDPR).
TopBackground
South African government enacted the Protection of Personal Information Act No. 4 of 2013 that restricts the disclosure of personal and confidential information. The Protection of Personal Information Act (POPIA) 2013 was promulgated in November 2013. The government enacted the Act to control the collection, use, and sharing of information to protect the privacy of individuals identified by the university system. The POPIA compels South Africa’s public universities to establish proper processes and procedures for implementation (Netshakhuma, 2019a). POPIA ensured that private and personal information is protected and prevent inappropriate disclosure of information that could harm institution or infringe the privacy rights of individuals. The Act regulates the processing of personal information by public and private organizations in South Africa. It is expected that enactment of the POPIA will contribute to transparency, promotion of individual rights, improve compliance with POPIA by ensuring that organizations adhere to the requirement of the Act.
Legislation is a factors that guide access to records (Nengomasha & Nyanga, 2015). This means that institutions are to meet legal requirements to manage personal records and provide accurate, relevant, and complete information (Cheng, 2018). The legislation provides guidelines on how to access information held by the state. Such information includes personal social media (Netshakhuma, 2019d and 2019e). Managing personal records by universities protects their interest and stakeholders.
Key Terms in this Chapter
Protection of Personal Information Act No 4. 2013: It is the South African Legislation enacted by the South African legislature to protect people from harm by protecting their personal information.
Universities South Africa: This is an institution formerly known as Higher Education South Africa (HESA) representing all public South African universities.
Internationalisation: The Process of integrating an international, intercultural or global dimension into the purpose, functions or delivery of universities.
General Data Protection Regulation (GDPR): It is a European Union regulation. A Person or entity in South Africa needs to comply with the GDPR’s requirements if they process personal information of individuals based in the European Union.
Personal Information: This is any information related to data element identified as human elements.