IRENE OCCUPATIONAL

AND SPEECH THERAPISTS

PRIVACY POLICY IN TERMS OF THE

PROTECTION OF PERSONAL INFORMATION ACT,

2013

Date of Compilation: 2021/02/20 Page 1

CONTENTS
A.) Name of Organization.........................................................................................................................................2

B.) Scope of the Policy..............................................................................................................................................2

1. Introduction............................................................................................................................................................2

1.1. Purpose of the policy...........................................................................................................................................2

1.2. Personal Information...........................................................................................................................................2

1.3. Policy statement..................................................................................................................................................2

1.4. Key risks...............................................................................................................................................................3

2. Information Officer Responsibilities........................................................................................................................3

2.1. Information Officer..............................................................................................................................................4

2.2. Responsibilities....................................................................................................................................................4

2.3. Enforcement........................................................................................................................................................4

3. Confidentiality:........................................................................................................................................................4

3.1. Scope...............................................................................................................................................................4

3.2. Communication with Clients............................................................................................................................5

3.3. Communication with therapists and employees.............................................................................................5

3.4. Authorization for disclosures not directly related to the reason why information is held..............................5

4. Security Safeguards.................................................................................................................................................5

4.1. Scope...............................................................................................................................................................5

4.2. Specific risks....................................................................................................................................................5

4.3. Security measures...........................................................................................................................................6

5. Information quality..................................................................................................................................................6

5.1. Accuracy..........................................................................................................................................................6

5.2. Updating..........................................................................................................................................................6

5.3. Retention periods............................................................................................................................................6

5.4. Archiving..........................................................................................................................................................7

6. Client access............................................................................................................................................................7

6.1. Responsibility..................................................................................................................................................7

6.2. Procedure for making requests.......................................................................................................................7

6.3. Provision for verifying identity........................................................................................................................7

Date of Compilation: 2021/02/20 Page 2

 6.4. Charging..........................................................................................................................................................8

6.5. Procedure for granting access.........................................................................................................................8

7. Openness:................................................................................................................................................................8

7.1. Commitment...................................................................................................................................................8

7.2. Procedure........................................................................................................................................................8

8. Client Consent:........................................................................................................................................................8

8.1. Underlying principles.......................................................................................................................................8

8.2. Forms of consent.............................................................................................................................................9

8.3. Withdrawal of Consent....................................................................................................................................9

9. Prohibition on processing of Special Personal Information.....................................................................................9

10. Processing of Personal Information of minors.....................................................................................................9

11. Therapists and employees training and acceptance of responsibilities.............................................................10

11.1. Documentation..........................................................................................................................................10

11.2. Induction...................................................................................................................................................10

11.3. Continuing training....................................................................................................................................10

11.4. Procedure for therapists and employees signifying acceptance of policy.................................................10

11.5. Policy Review:............................................................................................................................................10

Date of Compilation: 2021/02/20 Page 3

A.) NAME OF ORGANIZATION
Irene Occupational and Speech Therapists

B.) SCOPE OF THE POLICY

This policy applies to the business of Irene Occupational and Speech Therapists, wherever it is conducted, but based
at 8 Irene Close, 8 Impala Avenue, Doringkloof.

This policy applies to all therapists, employees, locum therapists, Occupational or Speech Therapy students or clients
of Irene Occupational and Speech Therapists.

Date approved by Information Officer: 2021/02/20

Signed by Information Officer:

1. INTRODUCTION

1.1. PURPOSE OF THE POLICY

The purpose of this policy is to enable Irene Occupational and Speech Therapists to:
 Comply with the law in respect of the information it holds about individuals;
 Follow good practice;
 Protect Irene Occupational and Speech Therapists, clients, suppliers, therapists and other individuals;
 Protect Irene Occupational and Speech Therapists from the consequences of a breach of its responsibilities.

1.2. PERSONAL INFORMATION

This policy applies to information relating to identifiable individuals in terms of the Protection of Personal
Information Act, 2013 (hereafter referred to as POPI).

1.3. POLICY STATEMENT

Irene Occupational and Speech Therapists will:

 Comply with both the law, as well as, good practice respect individual’s rights;
 Be open and honest with individuals whose information is held;

Date of Compilation: 2021/02/20 Page 4

  Provide training and support to therapists who handle personal data, so that they can act confidently and
consistently.

Irene Occupational and Speech Therapists recognise that its first priority under the POPI Act is to avoid causing harm
to individuals, which mainly refers to:

 Keeping information securely in the right hands, and

 Storing good quality information.

Secondly the POPI Act aims to ensure that the legitimate concerns of individuals about the ways in which their
information may be used, are taken into account. In addition to being open and transparent, Irene Occupational and
Speech Therapists will seek to give individuals as much choice as is possible and reasonable over what information is
held and how it is used.

1.4. KEY RISKS

Irene Occupational and Speech Therapists has identified the following potential key risks, which this policy will
address:

 Breach of confidentiality (information being given out inappropriately)

 Insufficient clarity about the range of uses to which information will be put - leading to clients being
insufficiently informed
 Failure to offer choice about information use, when appropriate
 Breach of security by allowing unauthorised access
 Harm to individuals if Personal Information is not up to date
 Breach of Code of Conduct

2. INFORMATION OFFICER RESPONSIBILITIES

2.1. INFORMATION OFFICER

The Information Officer of Irene Occupational and Speech Therapists is Sumien du Plessis.

Date of Compilation: 2021/02/20 Page 5

2.2. RESPONSIBILITIES
The Information Officer has the following responsibilities:

 Developing, publishing and maintaining a POPI Policy which addresses all relevant provisions of the POPI Act
including but not limited to:
o Reviewing the POPI Act and periodic updates to the policy as required
o Ensuring that POPI Act introduction training takes place for all therapists and employees
 Ensuring that periodic communication on the POPI Act takes place in order to maintain awareness
 Ensuring that Policy notices for internal or external purposes are developed and published
 Handling client access requests
 Approving unusual or controversial disclosures of Personal Information
 Ensuring that the appropriate policies and controls are in place for ensuring the information quality of
Personal Information
 Ensuring that appropriate security safeguards are in line with the POPI Act for Personal Information
 Handling all aspects of the relationship with the Information Regulator as provided for in the POPI Act

2.3. ENFORCEMENT
Significant breaches of this policy will be handled under Irene Occupational and Speech Therapists’ disciplinary
procedures, as stipulated in the Code of Conduct.

3. CONFIDENTIALITY :

3.1. SCOPE

The scope of this aspect of this policy is defined by the provisions of the POPI Act, Condition 7:

Irene Occupational and Speech Therapists will comply with all of the Conditions for lawful processing of Personal
Information as defined in the POPI Act, provided for in Condition 7.

3.2. COMMUNICATION WITH CLIENTS

Irene Occupational and Speech Therapists will comply with Condition 8 of the POPI Act.

Irene Occupational and Speech Therapists will have privacy information for clients, setting out how their Personal
Information will be used.

Date of Compilation: 2021/02/20 Page 6

This will be available on request and a version of this notice will also be used on the Irene Occupational and Speech
Therapists website and/or social media.

3.3. COMMUNICATION WITH THERAPISTS AND EMPLOYEES

Therapist and employees will be required to sign a short statement, as per the Code of Conduct, indicating that they
have been made aware of their confidentiality responsibilities.

3.4. AUTHORIZATION FOR DISCLOSURES NOT DIRECTLY RELATED TO THE REASON WHY INFORMATION IS HELD

Where anyone within the Irene Occupational and Speech Therapists feel that it would be appropriate to disclose
information in a way contrary to the confidentiality policy, or where an official disclosure requests is received, this
will only be done with the authorisation of the POPI Act Information Officer. All such disclosures will be documented.

4. SECURITY SAFEGUARDS

4.1. SCOPE

The scope of this aspect of the policy is defined by the provisions of the POPI Act, Condition 7. This section of the
policy only addresses security issues relating to Personal Information. It does not cover security of the building,
business continuity or any other aspects of security.

4.2. SPECIFIC RISKS

Irene Occupational and Speech Therapists has identified the following risks:

 Therapists with access to Personal Information could misuse such information

 Therapists and employees may be misled or tricked into giving away information, either about clients or
colleagues, especially over the telephone
 Setting security levels
 Access to information on the personal computers of Irene Occupational and Speech Therapists if it is not
properly secured.

4.3. SECURITY MEASURES

Irene Occupational and Speech Therapists will ensure that adequate steps are taken to provide business continuity in
the event of an emergency.

Date of Compilation: 2021/02/20 Page 7

5. INFORMATION QUALITY

5.1. ACCURACY

Irene Occupational and Speech Therapists will comply with all of the aspects contained in Conditions 5 and 7 of the
POPI Act.

Irene Occupational and Speech Therapists will regularly review its procedures for ensuring that its records remain
accurate and consistent, in particular:

 Information of any individual will be held in as few places as is necessary, and therapists and employees will
be discouraged from establishing unnecessary additional information sets.
 Effective procedures will be set in place so that all relevant systems are updated when information about an
individual changes.
 Therapists and employees who keep more detailed information about individuals will be given additional
guidance on accurate record keeping.

5.2. UPDATING

Irene Occupational and Speech Therapists will review all Personal Information of active clients annually, each
February.

5.3. RETENTION PERIODS

Irene Occupational and Speech Therapists will establish retention periods for the following categories of
information:
 Therapists and employees
 Clients
 Suppliers
 Service providers

These retention periods will be the minimum required by current legislation, unless otherwise justified by the Irene
Occupational and Speech Therapists’ Information Officer.

5.4. ARCHIVING
Date of Compilation: 2021/02/20 Page 8
Archived electronic records of Irene Occupational and Speech Therapists are stored securely off site in a variety of
ways. Contracts must be implemented with appropriate Information Operators.
 Archived paper records are stored in a secure and protected environment chosen by each therapist.
 Archived paper records of service providers and suppliers are stored in a secure and protected environment
on site.

6. CLIENT ACCESS

6.1. RESPONSIBILITY

Any client access requests will be handled by the POPI Act Information Officer in terms of Condition 8 of the Act.

6.2. PROCEDURE FOR MAKING REQUESTS

Client access requests must be in writing.

All therapists and employees are required to pass on anything, which may be a subject access request, to the POPI
Information Officer without delay.

Requests for access to Personal Information will be handled in compliance with the POPI Act.

Specifically, the Irene Occupational and Speech Therapists PAIA manual is used for this purpose.

6.3. PROVISION FOR VERIFYING IDENTITY

Where the individual making a client access request is not personally known to the Information Officer their identity
will be verified before handing over the information.

6.4. CHARGING

Fees for access to Personal Information will be handled in compliance with the PAIA Act.

6.5. PROCEDURE FOR GRANTING ACCESS

Procedures for granting access to Personal Information will be handled in compliance with the PAIA Act, as defined
in the Irene Occupational and Speech Therapists PAIA manual.

7. OPENNESS:

Date of Compilation: 2021/02/20 Page 9

7.1. COMMITMENT

In line with the Conditions 6 and 8 of the Act, Irene Occupational and Speech Therapists are committed to ensuring
that, in principle, clients are aware that:
 their information is being processed and
 the purpose for which it is being processed
 what types of disclosures are likely
 how to exercise their rights in relation to the information

7.2. PROCEDURE

Clients will generally be informed of the above in the following ways:

 Therapists and employees: through this policy
 Clients and other interested parties: through the Client Privacy Information

Whenever the information is collected, the number of mandatory fields will be kept to a minimum and clients will be
informed which fields are mandatory and why.

8. CLIENT CONSENT:

8.1. UNDERLYING PRINCIPLES

Irene Occupational and Speech Therapists undertakes to comply with the POPI Act, Conditions 2 and 8 in
terms of client consent.

Consent will normally not be sought for most processing of information about clients, with the following
exceptions:
 The therapists’ and employees’ Personal Information will not be disclosed to clients, unless it
relates to their therapy.

8.2. FORMS OF CONSENT

Irene Occupational and Speech Therapists undertake to gain written consent where requested by the client,
otherwise verbal consent will suffice.

8.3. WITHDRAWAL OF CONSENT

Date of Compilation: 2021/02/20 Page 10

Irene Occupational and Speech Therapists undertake to comply with the POPI Act in terms of Client Consent
withdrawal.

9. PROHIBITION ON PROCESSING OF SPECIAL PERSONAL INFORMATION

Unless a general authorisation, alternatively a specific authorisation, relating to the different types of Special or
Personal Information applies, a responsible party is prohibited from processing Special Personal Information. Such
information includes:

• Special Personal Information that relates to the religious or philosophical beliefs, race or ethnic origin,
trade union membership, political persuasion, health, sexual orientation or any biometric information of
a Client.
• Special Personal Information includes criminal behaviour relating to alleged offences or proceedings
dealing with alleged offences. 

10.PROCESSING OF PERSONAL INFORMATION OF MINORS

Prohibition on processing Personal Information of minors only applies to persons under the age of 18 years and
accordingly an age check will be required for all Personal Information records.

General authorisation concerning Personal Information of a minor will have to be obtained from the minors’ legal
guardian.

11.THERAPISTS AND EMPLOYEES TRAINING AND ACCEPTANCE OF RESPONSIBILITIES

11.1. DOCUMENTATION

Information for Irene Occupational and Speech Therapists, employees, locum therapists, Occupational or Speech
Therapy students or clients is contained in this policy document and other material made available by the
Information Officer.

11.2. INDUCTION

The Information Officer, Sumien du Plessis, will ensure that all Irene Occupational and Speech Therapists,
employees, locum therapists, Occupational or Speech Therapy students or clients who have access to any kind of
Personal Information will have their responsibilities outlined during their induction.

11.3. CONTINUING TRAINING

Date of Compilation: 2021/02/20 Page 11

The Information Officer, Sumien du Plessis, will provide opportunities for Irene Occupational and Speech Therapists,
employees, locum therapists, Occupational or Speech Therapy students or clients to explore POPI Act issues through
training, team meetings and supervision.

11.4. PROCEDURE FOR THERAPISTS AND EMPLOYEES SIGNIFYING ACCEPTANCE OF POLICY

The Information Officer, Sumien du Plessis, will ensure that all Irene Occupational and Speech Therapists,
employees, locum therapists, Occupational or Speech Therapy students or clients sign acceptance of this policy once
they have had chance to understand the policy and their responsibilities in terms of the policy and the POPI Act.

11.5. POLICY REVIEW:

The Information Officer, Sumien du Plessis, is responsible for the annual review to be completed prior to the policy
anniversary date.

The Information Officer, Sumien du Plessis, will ensure that Irene Occupational and Speech Therapists are consulted,
as part of the annual review to be completed prior to the policy anniversary date.

Date of Compilation: 2021/02/20 Page 12