Businesses urged to not delay in ensuring personal information remains protected
JOHANNESBURG - Read up on how to protect company information.
Companies are urged to ensure their personal information remains properly secure and protected from breaches to avoid being penalised once the Protection of Personal Information (PoPI) Act comes into effect.
The PoPI Act, No 4 of 2013, promotes the protection of personal information by public and private bodies and stipulates how companies may collect, handle, store and discard information, with heavy penalties for those that fail to comply. Once the commencement date of the act is announced, companies will have a year to comply with it.
Wale Arewa, chief executive officer at Xperien, explained that many businesses have taken a wait-and-see approach, mainly due to a delay in the appointment of an information regulator, making them liable for heavy censure should any breaches occur.
“The reality is that if there is a breach, the financial implications can possibly cripple an organisation and if found guilty, companies will face potential civil claims, fines and reputational damage,” he explained.
“The act [forces] companies to introduce strict measures and guidelines that will safeguard the processing, usage and handling of sensitive information; it places a strict onus on businesses when it comes to handling personal information about their clients, staff and customers.”
Arewa urged company executives to take effective measures to ensure personal information is protected on all cellphones, before it is too late.
Furthermore, he stressed the importance of knowing what information to protect, because once companies know what this information is, steps can be taken to protect it. “Data encryption will help control what data leaves the organisation and also to ensure that data is not accessible.”
Other issues related to leaving information unsecured that Arewa touched on included cybercrime, which he stressed was growing at a rapid pace and would allow criminals in possession of personal information to use it to commit identity theft and fraud.
Arewa concluded by stressing the need to ensure that information remained protected, even when disposing of Information Technology (IT) assets, adding that most organisations have very little or no idea of how to do this. “By retiring technology assets wisely, customers can offset the cost of a secure IT asset disposition programme,” he said.
“Rather find yourself a third-party specialist with deep experience in secure IT asset disposition.”
At the time of publication, an information regulator was yet to be appointed, with former Independent Electoral Commission (IEC) chairperson, Advocate Pansy Tlakula, being recommended for the position. However, the recommendation needs to be approved by the National Assembly.
