Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Six things to improve PoPIA readiness

Issue 3 2021 Editor's Choice

By Anna Collard, SVP Content Strategy and evangelist, KnowBe4 Africa.

In October 2020, the KnowBe4 and ITWeb online data protection survey found that when it comes to the preparedness of their organisation for PoPIA compliance, just under one-third (30%) indicated they were well prepared, while 39% said they were ‘somewhat’ ready, but more work needs to be done.

Anna Collard, SVP Content Strategy and evangelist for KnowBe4 Africa, shares six things that can be done to improve your PoPIA readiness:

1. “Education and awareness should be a top priority for organisations as we approach the PoPIA deadline,” she says. “This is critical at every level of the business, from top management down to every person who works at the organisation. Everyone has to be aware of their responsibilities with regards to handling personal information and their roles when it comes to the safeguarding of personal information.”


Anna Collard.

People unfortunately are also the ones who react to phishing with emotion and make mistakes that can cost the business money and reputation and that can put critical data systems at risk. “People play a massive role in ensuring that the organisation remains PoPIA-compliant and the organisation remains secure and safeguarded,” says Collard. “They need consistent training and education so that their understanding of the threats can translate to ongoing protection of information within the organisation. And to their own security hygiene practices as well.”

2. Secondly, organisations can really benefit from implementing the role of a dedicated information officer – a role that should be created specifically for the task of ensuring compliance and understanding. The duties of the information officer include, amongst others, to attend to the development and implementation of a compliance framework, ensure that internal PoPIA awareness sessions are conducted and conduct assessments to identify any risks and necessary safeguards to the personal information processed.

3. Thirdly, conduct a data mapping exercise that identifies what type of personal information the organisation collects, whom this information is shared with and where it is stored. This is immensely valuable as it not only highlights areas of vulnerability that may not have previously been identified, but it also identifies potential risks that can be alleviated prior to PoPIA coming into effect. “This exercise can also be used to raise awareness and form part of an overall education drive, as it typically involves interviews with all major department heads,” notes Collard. “Once this is done, it should be followed with a privacy impact assessment (PIA), that identifies the risks and what could possibly go wrong in an environment. It is a practical step that plays a pivotal role in embedding a more robust security foundation into the organisation.”

Part of the PIA would require a review of the security controls. This will help refine the controls that are in place and identify what has to be improved on. For organisations that do not have these skills or systems in place, they can collaborate with a third party that can help conduct these types of risk assessments and reviews.

4. “Speaking of third parties, make sure you unpack who you share the personal information with, how compliant they are and what controls they have in place,” adds Collard. “They are as much a target as the business, so if they have any vulnerabilities, they can put your organisation at risk. Just make sure that the boxes are ticked with every service provider, platform and system so you are secured and compliant.”

5. Consider hiring a consultant who can go through contracts and online privacy notices and every other space where information is collected, to ensure that the right notices have been put in place. These notices must be written in plain English and specify why the information is collected and how it is used so that consumers are informed and aware.

6. “The last thing that you should consider is to define the processes that make up your compliance programme and data breach processes,” concludes Collard.

“If there is a breach, who will notify the regulator, who will notify the customers and the media and what will employees be allowed to say – these are just some of the considerations that should be unpacked in advance to ensure the organisation is absolutely ready for whatever may be ahead.”




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What is your ‘real’ security posture?
BlueVision Editor's Choice Information Security Infrastructure AI & Data Analytics
Many businesses operate under the illusion that their security controls, policies, and incident response plans will hold firm when tested by cybercriminals, but does this mean you are really safe?

Read more...
What is your ‘real’ security posture? (Part 2)
BlueVision Editor's Choice Information Security Infrastructure
In the second part of this series of articles from BlueVision, we explore the human element: social engineering and insider threats and how red teaming can expose and remedy them.

Read more...
IQ and AI
Leaderware Editor's Choice Surveillance AI & Data Analytics
Following his presentation at the Estate Security Conference in October, Craig Donald delves into the challenge of balancing human operator ‘IQ’ and AI system detection within CCTV control rooms.

Read more...
Onsite AI avoids cloud challenges
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure AI & Data Analytics
Most AI programs today depend on constant cloud connections, which can be a liability for companies operating in secure or high-risk environments. That reliance exposes sensitive data to external networks, but also creates a single point of failure if connectivity drops.

Read more...
Toxic combinations
Editor's Choice
According to Panaseer’s latest research, 70% of major breaches are caused by toxic combinations: overlapping risks that compound and amplify each other, forming a critical vulnerability to be exploited.

Read more...
Continuum launches centralised access and identity management
Editor's Choice Access Control & Identity Management Integrated Solutions Facilities & Building Management
Continuum Identity is a newly launched company in the identity management and access control sector, targeting the complexity of managing various Access and Identity Management (AIM) systems.

Read more...
Making drone security more accessible
Editor's Choice Integrated Solutions Residential Estate (Industry) AI & Data Analytics IoT & Automation
Michael Lever discusses advances in drone technology, focusing on cost reductions and the implementation of automated services, including beyond line of sight capabilities, for residential estates with SMART Security Solutions.

Read more...
Private fire services becoming the norm?
Technews Publishing SMART Security Solutions Editor's Choice
As the infrastructure and service delivery in many of South Africa’s major cities decline, with a few, limited exceptions, more of the work that should be done by the state has fallen to private companies.

Read more...
View from the trenches
Technews Publishing SMART Security Solutions Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
There are many great options available to estates for effectively managing their security and operations, but those in the trenches are often limited by body corporate/HOA budget restrictions and misunderstandings.

Read more...
SMART Estate Security Conference KZN 2025
Arteco Global Africa OneSpace Technologies SMART Security Solutions Technews Publishing Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
May 2025 saw the SMART Security Solutions team heading off to Durban for our annual Estate Security Conference, once again hosted at the Mount Edgecombe Country Club.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.