Technology will not resolve POPI problems

October 2014 Security Services & Risk Management

The Protection of Personal Information Act (POPI) is often mistakenly compared to Acts such as Consumer Protection, and subsequently not taken very seriously. This is a grave mistake and could cost a company, most especially an SME, a big loss in revenue says Drew van Vuuren, CEO of 4Di Privaca.

POPI has been signed into law, and businesses should therefore be taking this particular Act seriously, giving it the respect and notice that it deserves.

POPI holds organisations liable for the security of their customers’ information, and because most, if not all, businesses deal with personal data in some way or another, whether it is employee or client information, all businesses are affected. In the EU the fine for contravening data privacy is £85 million, an indication that globally data protection is taken very seriously, and with POPI signed into law, businesses should beware as South Africa is not far behind.

Technology plays a role in the remediation component of the POPI requirements. Systems like data loss prevention, encryption, database management tools and access governance go a long way in assisting organisations to meet remediation gaps, however, technology should not sit alone as a solution, and is no silver bullet for adherence to the Act.

Technology will not be able to address the myriad of challenges dictated by the principles laid out in the Act. For example, principle seven in the Act deals with information security, which is not only about technology; it consists of people, processes and technology, and businesses relying too heavily on the technology component tend to falter when considering the requirements to comply under POPI. User behaviour is a prime example of where technology cannot solve the challenge – security awareness and defined policies on how users’ process personal data will address this.

The biggest challenge for organisations is knowing where the personal data is being processed. Data owners are spread through an enterprise, and managing a co-ordinated process of data capture, analysis and archiving, is difficult if not impossible. Although technology can assist with this process, ensuring authoritative data sources are the biggest challenge when understanding where an organisation has placed personally identifiable information.

Organisations electing to ignore the POPI requirement should beware of the dangerous implications. The gamble could result in both financial as well as reputational loss, risking business closure through liabilities imposed by the regulator and the loss of confidence from suppliers, customers and peers in the industry.

The role of POPI in any organisation should be assigned to a business function defined as data protection. There is a requirement for a data protection officer, and it should be this resource’s responsibility to manage the compliance process, represent the business to the regulator and be the contact point for data subjects who are querying the business on the data they hold on them.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Read more...
Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Read more...
What you can expect from digital identity in 2024
Access Control & Identity Management Security Services & Risk Management
As biometric identity becomes a central tenet in secure access to finance, government, telecommunications, healthcare services and more, 2024 is expected to be a year where biometrics evolve and important regulatory conversations occur.

Read more...
More than just a criminal record check
iFacts Security Services & Risk Management
When it comes to human-related risks, organisations and their most senior leaders focus on a narrow set of workforce risks, the potential risks that human workers pose to the business.

Read more...
Tech developments lead hologram growth in 2024
News & Events Security Services & Risk Management
Micro-lenses, micro-mirrors and plasmonics are among the rapidly-emerging optical devices that have evolved on the back of holographic and diffractive technologies, and are seen as part of the natural evolution of optical science by R&D teams.

Read more...
Are you leaving money on the table?
Editor's Choice Security Services & Risk Management
How many customers have you helped since starting your business? Where does most of your new business come from? If the answer is not from your database’s existing customers, you might have a problem.

Read more...
The business value of ChatGPT
Security Services & Risk Management Risk Management & Resilience
Transparency, policy and integrity. It is critical for organisations to have a line of sight into processes and procedures that clearly define employee use cases when it comes to ChatGPT, says Lizaan Lewis, Head of the Legal Department at Altron Systems Integration.

Read more...
BMS for smaller businesses
Security Services & Risk Management Products & Solutions Risk Management & Resilience
Small businesses can also benefit from tailored energy management solutions just like large corporations. Effective energy management is essential for more sustainable and efficient operations.

Read more...
Kidnapping for ransom
News & Events Security Services & Risk Management Risk Management & Resilience
There has been an 8,6% increase in reported kidnapping cases in South Africa compared to last year, with 3 854 cases reported between April and June this year, leaving ordinary South Africans increasingly vulnerable.

Read more...
The difference between a SOP and a SOP
Residential Estate (Industry) Integrated Solutions Security Services & Risk Management Risk Management & Resilience
SOPs are a touchy issue that need careful attention and automation to ensure they deliver the desired security results. Beyond design and automation, implementation is the ultimate road to success.

Read more...