It’s a new month and the last before the POPI Act becomes law.
If you think your business is exempt, think again. Even small businesses are going to have to take this Act seriously or risk reputational damage, large fines, damage claims or even possible imprisonment.
POPI places obligations on all businesses that process personal information. It is a complicated law which is difficult to summarise, but here is the purpose summary taken from the preamble of the Act itself:
“To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.”
Essentially, the POPI Act sets out to protect data subjects from having their personal data put at risk and provides them with rights and remedies. These risks are very real and can come in several forms such as identity theft, hacking of bank accounts and passwords or even becoming the target of persistent, unsolicited marketing calls. Various methods of stealing personal data can be employed, from the physical theft of paperwork and hard drives to cyber-attacks such as ransomware.
Businesses need to ensure that they have taken the necessary measures to protect the personal information they collect, process and store, and this applies equally to digital data.
- Do your customers upload their personal details to your website?
- Do you partake in email marketing? How do you take care of the information contained in your mailing list databases?
- What about the personal information contained in your emails: is it secure?
- How about your laptop: is it password protected and free of easy-to-access customer information?
The POPIA shines new light onto the importance of cyber security from a legal compliance perspective, but we shouldn’t forget just how vital IT security is in general. In many businesses, these digital assets are the lifeblood that gives rise to profit and protecting them is critical, even without Acts such as POPI obligating us to take action.
Make sure that you’re ready from 1 July 2021. Get into the habit of scrutinising your systems and keep those valuable IT assets safe! Contact us if you need guidance and we’ll point you in the right direction!
For more reading, feel free to take a look at the following: