Guiding consumers since 2009

POPI Compliance may be a ‘last minute scramble’

By Isabelle Coetzee

Following the commencement date of the Protection of Personal Information (POPI) Act, businesses will have one year to become ‘POPI compliant’.

According to the 2017 POPI Act Compliance Survey, which was run by ITWeb, only 21% of their 265 respondents said they were POPI compliant.

Among the remaining respondents, 19% admitted they were not compliant, 26% said they were unsure whether they were, and 35% said they were busy getting their house in order.

But what does it actually mean to be POPI compliant?

Alison Treadaway, director and digital communication specialist at Striata, explains that POPI stipulates how businesses can legally process consumers’ personal information, such as email addresses, ID numbers, and cellphone numbers.

This is to protect consumers from having their information sold to the highest bidder or stored in vulnerable locations where hackers can easily access it.

To become compliant, businesses must prove that the personal information they collect is acquired responsibly and that it is adequately secured.

However, Treadaway points out that it’s difficult to get an accurate gauge of how prepared South African companies are for POPI.

She believes companies may have initially prepared for POPI, but that delays in implementing the legislation could have tempted them to put their efforts on hold.

“If the situation is anything like that which occurred during the implementation of the European Union’s General Data Protection Regulation (GDPR), then we’ll likely see a last-minute scramble,” says Treadaway.

A closer look at POPI

Treadaway explains that under POPI, organisations will only be able to collect personal information for a specific purpose.

Once collected, they need to apply reasonable security measures to protect it, ensure it’s up to date, remove information they no longer need, and allow consumers access to their own data.

Additionally, companies are required to appoint an information officer, who must ensure that data is constantly secured, new data is appropriately handled, and old data is destroyed.

“In essence, POPI gives consumers more control over how their data is used and stored by organisations,” says Treadaway.

If their data is compromised in a data breach, the Information Regulator will investigate whether the breach was caused by a lack of compliance of that organisation’s systems.

Thomas Vollrath, company head at 1-grid.com, believes data is a company’s most valuable asset, which means businesses should make sure they use the correct technology.

“Choosing the right data and document processing applications will put you on the right path to becoming compliant,” says Vollrath.

He adds that it’s important to remember that data leakage includes the accidental exposure of information by employees.

Therefore, companies must ensure they have security procedures and policies in place to regulate the use of information and data.

He believes in order to curb data being leaked, employers must ensure their staff members are educated on POPI compliance.  

“For those companies that only have the bare minimum amount of e-mail security and archiving and data storage, becoming POPI compliant will take some time,” says Vollrath.

POPI will require amending legal documents, consolidating data views, analysing subcontracting practices, and having control over cross-border data flows.

Whose information will be protected?

Vollrath pointed out that in the past, consumer data could be freely passed on and sold between companies, ranging from banks to telemarketers.

However, with the implementation of POPI, consumers will be able to report companies that handed out their personal data without their consent.

“Individuals will be able to take legal action if this is not respected, and it includes data that was shared before the Act’s implementation,” Vollrath adds.

The Information Regulator, appointed by the President on the recommendation of the National Assembly, will monitor the enforcement of the POPI Act.

If consumers are unhappy with how a company handled their information, they may submit a complaint to the Information Regulator, and an adjudicator will be assigned to the case.

“It is not clear when POPI will come into effect, mainly due to lengthy delays in appointing an Information Regulator and fully enabling its mandate and powers,” says Vollrath.

However, Juan Furmie, COO at ThisIsMe, warns that consumers should not feel that they will automatically be protected.

“POPI gives them the tools to protect themselves, but they still need to be proactive in using those tools,” says Furmie.

Consumers will be able to ask any company to view the information they have on them, if any, and request them to delete that information if there is no reason for them needing it.

“It gives power to the consumer, but ultimately everyone is at risk of cybercrime. It is up to each one of us to ensure we are careful about who we share information with,” urges Furmie.

Consequences of not being compliant

According to Vollrath, companies who do not comply with POPI risk financial losses, as well as penalties and even imprisonment.

“If a business is non-compliant, it will not only inflict damage on its reputation, but the company will also face a maximum fine of R10-million and a maximum jail term of 10 years,” says Vollrath.

“Becoming compliant is not just about obeying the law, it’s become essential to doing business in a data-driven world,” he explains.

Vollrath believes data protection can have real benefits for profitability and competitiveness because it gives businesses an advantage over those that do not protect their customers.

Recent Articles

Featured New homeowner? Be aware of these extra expenses

You’ve overcome all the hurdles of buying a home. You’ve managed to pay your deposit and your closing payments, and now you’re a proud title deed holder. However, there are other expenses waiting around the corner. Are you prepared?

Your biggest credit conundrums – answered

Understanding your credit health is one of the most important factors in managing your finances. This is because it gives you insight into your debt, your borrowing ability, and your financial history. While many understand this, there are still many questions on how to do just that.

Avoid debt collectors, choose debt counselling

There are two things you can do when you are struggling to pay your debt. You can either let your creditors hand your debt over to debt collectors – or you can let debt counsellors help you deal with your debt.

Retail notes: easy investment option for new investors

Being a newbie in the world of investing can be challenging because you don’t know where and how to invest. With so many investment options, you could easily be befuddled. Justmoney looks at how retail notes can help you cut your teeth in the world of investing.   

Deals

Spur's South African Combo Special

Price: R80
When: Mondays
Where: Nationwide

De'Vara Beauty Spa Monday Madness Special

Price: From R580
When: Mondays
Where: Cape Town

Pepperclub Hotel Summer Sale

Price: R1,701
When: From 23-27 October 2019
Where: Cape Town