POPIA now a reality in SA
THE Protection of Personal Information Act (Popia) was passed by parliament on November 26, 2013 and is expected to become effective in the next 12 to 18 months. The act might be of some significance for local businesses in Polokwane.
Popia has been identified as a core act and the penalties for not complying with this act are high. Besides the penalties, the loss of reputation is even higher.
This act aims to give effect to the right to privacy as described in the Constitution by introducing measures to ensure the personal information of individuals and juristic persons is safeguarded when it is processed by organisations.
Popia also aims to balance the right to privacy against other rights, particularly the right to access to information, and to generally protect important interests, including the free flow of information within and across the borders of South Africa.
The purpose of Popia is to ensure all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise the personal information in any way.
Due to the nature of their operations, businesses are exposed to and process vast amounts of sensitive personal information in various forms on a daily basis and are therefore directly affected by Popia.
A Protection of Personal Information Implementation (Popi) is not to be seen as a ‘once-off’ compliance project as it requires a fundamental change in the manner in which business is conducted.
When change is introduced to any organisation, there will ultimately be an impact on one or more aspects of how the organisation operates, therefore Popi is also not only a technology issue, regardless of how automated an organisation may be.
Personal information is not only kept as structured information, but also as unstructured information and it directly interacts with business processes, technology and employees.
Over and above the privacy breach incidents, South African organisations are part of the global community and have a duty to the country’s foreign counterparts to adhere to the Generally Accepted Privacy Principles (GAPP) or face the consequences.
The consequences of non-compliance are significant and may even result in the loss of a licence to trade.
Even if the penalties are paid, the loss of reputation is huge and this can have a devastating effect on any organisation.
At this stage, an information regulator will be appointed within the next months.
The regulations are being drafted and there is also an expectation that they will be published soon.
If all the provisions come into effect, organisations will have 12 months to comply with the Popi Act.
Although this might seem like a long time for organisations to get ready to comply with the Popi Act, the implementation of Popia-compliant measures in an organisation can take much longer than 12 months.
status of the organisation currently in relation to Popia (as is).