Data Protection Question

By andrewfriedemann, 13 June, 2017

I would love some advice from any legal eagles in the group...

Recently our SETA is refusing to issue certification unless we email to them certified copies of Learners ID's, Enrolment Forms, and Highest Qualifications held.

Now I have a few major issues with this. Not that they want the info, but how they want it... Actually I do have an issue with them wanting it.

Firstly as I understand it, I cannot email a persons ID to a third party via un-encrypted email. That is against data protection laws. They also insist on it being a 'Certified Copy'. Woah.. hold your horses... If I scan a certified copy its no longer a certified copy is it, so what the point?

Their reasoning is that they need to ensure the Learner exists!!! Now if I was asking for funding for the learner I could understand this, but I am not, and the Learner is self funding, so what would the possible advantage be of me registering and claiming achievement for a learner that does not exist??? No I do not have a fetish for Certificates... Also if I was the type of person who would fake a learner, would I not also fake an ID document??

Then why do they need the learners existing highest qualification? Our program is level 4 and most learners are self employed. I cannot see the point other than someone is just trying to make work...

Now to get around the emailing private data to all and sundry, we set up a specific secure website, where designated people in the SETA can log in and view/download these documents. All secure, all in compliance with the law.... BUT they tell me they cannot log in as their software is too old.

Hang on again there.... If the software is so old it cannot log into a website with a username and password, then their IT is definitely not suitable to be emailing peoples ID's around the country as it is probably full of spyware and malware anyway. We have spent a fortune on a secure site that tracks every user down to the keystoke, and cross references IP addresses with authorized sites, but they will/can not log in to access the documents! Actually their software is not incapable of accessing the site, as I demonstrated it to them in their offices with their IT infrastructure.

My main concern is not being compliant with data protection laws, and protecting my learners, but I am being told I have to break the law or I don't get certification.

What do I do?


Copyright: Portal Publishing (Pty)Ltd | Privacy Policy | Terms of Use
Skills Portal | Careers Portal | Jobs Portal | Bursaries Portal | Skills Universe
About us | Contact us
Portal PublishingPress Council