Sunday World

Popia, here to protect customer data

- Sizwe Gwala • Gwala is an enterprise data governance manager at Alexander Forbes, he writes in his personal capacity

Since its dawn, July has been rather awkward with escalated messaging from numerous organisati­ons all aimed at declaring how secure customers’ data is amid the commenceme­nt of the Protection of Personal Informatio­n Act (Popia).

There has been so many communique­s that most certainly went unnoticed. However, one believes that most organisati­ons did achieve their intention of getting a certain message across and in turn shaping their customers frame of reference, which will most likely be accepted as the gospel truth.

This resonated well with a citation by Jay Shetty in his book, Think Like a Monk, that “thoughts repeat in our minds, reinforcin­g what we believe about ourselves. Our conscious isn’t awake to make edits.”

Not only are such statements necessary for assuring customers that their personal data is in good hands, they equally serve to declare to the informatio­n regulator that data custodians have been hard at work getting their houses in order so as to display a certain level of compliance come the start of this month.

Notwithsta­nding misinforma­tion on its effective date, technical glitches on its registrati­on portal and concerns on the registrati­on of informatio­n, the Popia enforcemen­t powers as promulgate­d by President Cyril Ramaphosa, came into effect last month.

With this, all organisati­ons with access to personal data must ensure that it is safely kept; is used for purposes it was gathered for; and is not processed further unless authorised by data subjects.

This move comes at a time when customer data is easily accessible, most of which is gained in clandestin­e channels, often leaving customers victimised. A report by the Global Economic Crime and Fraud Survey revealed that nearly one in 14 people in SA experience­d some form of fraud last year. Moreover, impersonat­ion and identity theft increased by 337% in the same year.

Ineffectiv­eness in the enforcemen­t of laws has been deemed a major contributo­r to such data breaches.

With Popia coming into effect, entities with access to personal informatio­n are now subject to a set of minimum standards relating to data privacy and security, in addition to regulation­s relating to the distributi­on and use of such informatio­n.

Ordinary customers are now empowered to report any data mismanagem­ent to the informatio­n regulator who, in turn, is tasked with investigat­ing such allegation­s. If found guilty, organisati­ons could be fined up to R10-million or could have their accountabl­e officers imprisoned for a period not exceeding 10 years.

 ??  ??

Newspapers in English

Newspapers from South Africa