SciELO - Scientific Electronic Library Online

 
vol.19 issue1Parallel planning mechanisms as a "recipe for disaster" author indexsubject indexarticles search 		Home Pagealphabetic serial listing  

Services on Demand

Article

Indicators

Related links

  • On index processCited by Google
  • On index processSimilars in Google

Share

Potchefstroom Electronic Law Journal (PELJ)

On-line version ISSN 1727-3781

Abstract

MILLARD, Daleen  and  BASCERANO, Eugene Gustav. Employers' statutory vicarious liability in terms of the Protection of Personal Information Act. PER [online]. 2016, vol.19, n.1, pp.1-38. ISSN 1727-3781.  http://dx.doi.org/10.17159/1727-3781/2016/v19i0a555.

A person whose privacy has been infringed upon through the unlawful, culpable processing of his or her personal information can sue the infringer's employer based on vicarious liability or institute action based on the Protection of Personal Information Act 4 of 2013 (POPI). Section 99(1) of POPI provides a person (a "data subject") whose privacy has been infringed upon with the right to institute a civil action against the responsible party. POPI defines the responsible party as the person who determines the purpose of and means for the processing of the personal information of data subjects. Although POPI does not equate a responsible party to an employer, the term "responsible party" is undoubtedly a synonym for "employer" in this context. By holding an employer accountable for its employees' unlawful processing of a data subject's personal information, POPI creates a form of statutory vicarious liability. Since the defences available to an employer at common law and developed by case law differ from the statutory defences available to an employer in terms of POPI, it is necessary to compare the impact this new statute has on employers. From a risk perspective, employers must be aware of the serious implications of POPI. The question that arises is whether the Act perhaps takes matters too far. This article takes a critical look at the statutory defences available to an employer in vindication of a vicarious liability action brought by a data subject in terms of section 99(1) of POPI. It compares the defences found in section 99(2) of POPI and the common-law defences available to an employer fending off a delictual claim founded on the doctrine of vicarious liability. To support the argument that the statutory vicarious liability created by POPI is too harsh, the defences contained in section 99(2) of POPI are further analogised with those available to an employer in terms of section 60(4) of the Employment Equity Act 55 of 1998 (EEA) and other comparable foreign data protection statutes.

Keywords : Vicarious liability; Protection of Personal Information Act; defences; comparison with Employment Equity Act; United Kingdom's Data Protection Act of 1998; New Zealand's Privacy Act 28 of 1993; Australian Privacy Act 119 of 1988.

        · text in English     · English ( pdf )

 

Creative Commons License All the contents of this journal, except where otherwise noted, is licensed under a Creative Commons Attribution License

Potchefstroom Electronic Law Journal
Faculty of Law, Private Bag X6001, North-West University,
Potchefstroom, North-West Province, ZA, 2520,
Tel: +27 18 299 1921