Measuring the implications of Vicarious Liability under the Protection of Personal Information Act in Small, Medium and Micro Enterprises in South Africa

Master Thesis


Permanent link to this Item
Journal Title
Link to Journal
Journal ISSN
Volume Title
Protecting personal information has become of utmost importance in the digital age. The South African Protection of Personal Information Act has in some ways given the customer more control over how companies can contact them or sell their information to third parties. While this Act is in the best interests of both consumers and businesses in South Africa, there has been concern about how it is to be implemented, and many businesses have not yet introduced procedures to ensure compliance. Particular aspects of the Act make it unlike other legislation that inspired it. The vicarious liability clause specifies the employer as the party responsible should any breach be made by an employee within the company. Many researchers and those who work with the law find this clause particularly divisive, leaving little room for employers to prove they have made adequate changes and educate colleagues on new processes. Those who lack resources, specifically small, medium, and micro enterprises (SMMEs), are particularly at risk. This study surveys a sample of attitudes towards vicarious liability, and investigates processes that have been changed as a result of the Act within an SMME workplace in the Western Cape region. The results of the study demonstrate that while some employees claimed their colleagues were educated thoroughly, many were not aware of the consequences of vicarious liability, nor did they understand how it worked. There were clear apprehensions regarding general awareness of the Act on the part of both businesses and the general public. Many SMMEs are in the process of developing new standard operating procedures in the wake of this legislation, but there is still notable concern that there will not be enough time or resources to effect these changes. Further research needs to be done to recognise the challenges that smaller companies face as privacy policies continue to develop in South Africa. The country faces a unique set of challenges that cannot be compared to the socio-economic situation of the developing world.