Popia, here to protect customer data
Since its dawn, July has been rather awkward with escalated messaging from numerous organisations all aimed at declaring how secure customers’ data is amid the commencement of the Protection of Personal Information Act (Popia).
There has been so many communiques that most certainly went unnoticed. However, one believes that most organisations did achieve their intention of getting a certain message across and in turn shaping their customers frame of reference, which will most likely be accepted as the gospel truth.
This resonated well with a citation by Jay Shetty in his book, Think Like a Monk, that “thoughts repeat in our minds, reinforcing what we believe about ourselves. Our conscious isn’t awake to make edits.”
Not only are such statements necessary for assuring customers that their personal data is in good hands, they equally serve to declare to the information regulator that data custodians have been hard at work getting their houses in order so as to display a certain level of compliance come the start of this month.
Notwithstanding misinformation on its effective date, technical glitches on its registration portal and concerns on the registration of information, the Popia enforcement powers as promulgated by President Cyril Ramaphosa, came into effect last month.
With this, all organisations with access to personal data must ensure that it is safely kept; is used for purposes it was gathered for; and is not processed further unless authorised by data subjects.
This move comes at a time when customer data is easily accessible, most of which is gained in clandestine channels, often leaving customers victimised. A report by the Global Economic Crime and Fraud Survey revealed that nearly one in 14 people in SA experienced some form of fraud last year. Moreover, impersonation and identity theft increased by 337% in the same year.
Ineffectiveness in the enforcement of laws has been deemed a major contributor to such data breaches.
With Popia coming into effect, entities with access to personal information are now subject to a set of minimum standards relating to data privacy and security, in addition to regulations relating to the distribution and use of such information.
Ordinary customers are now empowered to report any data mismanagement to the information regulator who, in turn, is tasked with investigating such allegations. If found guilty, organisations could be fined up to R10-million or could have their accountable officers imprisoned for a period not exceeding 10 years.