Protect personal info or else...
Is the Protection of Personal Information (Popi) Act just another piece of legislation trumped up by politicians or is it just good business practice that has been neglected over the years?
Gone are the days when companies could be lackadaisical in their approach to the protection of their clients' personal information. Ignoring the Popi Act will soon result in hefty fines and even jail sentences.
Systems to store and protect personal information have become a major threat to organisations and, more specifically, to the businesses or individuals who entrust their personal or business information to them.
As a result, thousands of South African companies now find themselves in an uncompromising position.
Palladium Business Solutions managing director Stephen Corrigan says these risks can be split into three categories. “Companies that acknowledge the rulings and opt to embed the risk and not take appropriate action to become Popi Act compliant. Secondly, companies that realise their current systems will soon be obsolete and are now taking steps towards compliancy.
“And, finally, institutions that naively assume because they have a reputable software in place, wrongly adopt the view that [it] is enough to match the requirements of the act.”
The Popi Act is imminent, with an anticipated commencement date of July 2016. The legislation fundamentally indicates that personal information is a precious good and businesses found not to treat their clients' information in such a way will incur a strict penalty.
The Popi Act permits fines up to the value of R10-million with the possibility of a jail sentence. Pleas of ignorance and naivety of the act will not shield businesses from punishment. The severity of penalties will be determined solely by the extent of infringement and degree of negligence.
Because of the stringent penalties, it's imperative every business is mindful of the conditions of the Popi Act and exercises due diligence.
Corrigan says determining which accounting software to purchase has never been so critical. “The assumption that all accounting software providers are secure and Popi Act compliant is a common misconception and companies need to be aware of this.”
The Popi Act demands that adequate measures be in place to allow companies to dictate and monitor employee access to client information. Not every registered employee on an accounting system needs access to the personal information of clients to carry out their duties. A system should possess security features that enable the company to tailor employee access to certain areas.
It's also imperative that there are safeguards in place to ensure client information cannot be compromised, and to consider how data is stored and how easily systems can be hacked or compromised.
“At the end of the day, exercising due care in the protection of third-party personal information shouldn't be regarded as another piece of laborious legislation, it's the right thing to do.”