POPI Act alert: some key rules you may have missed
07 October 2020 | Web Article Number: ME202020776
As many companies try to come to terms with operating within COVID-19 parameters, the announcement by the Presidency in June regarding several of the remaining sections of the Protection of Personal Information Act (PoPIA) coming into force may have passed unnoticed.
That’s according to Anelda Dillon, Senior Consultant at Bizmod, who said there are a number of additional sections that have been added and will come into effect. “These additional sections will no doubt influence the way we work going forward and the way that businesses operate.”
Dillon said COVID-19 had already significantly changed the way we work by increasing remote working. “We expect that for many this will continue to be a norm for some time still.”
She said organisations needed to prioritise a plan to focus on data access, information security and data management. In addition, the behaviour of employees has changed and will need to continue to change as engagement becomes more remote.
“This means that people’s privacy needs to be respected at all times without jeopardising the information protection controls that will need to be put in place.”
She added that organisations need to be aware that information privacy is more than compliance with the POPI Act, as there are additional industry-specific regulations and standards that need to be onboarded within organisations. “The onus is also on the business to be aware of any protocols required by different countries if operating across borders.”
Dillon offered some tips to help ensure compliance:
- For all sections of POPI to be successfully implemented, the buy-in and commitment from the leadership team is integral.
- The Information Privacy Officer should be able to hold Deputy Information Officers (heads of business responsible for information protection in their areas) accountable for their departments’ and business units’ compliance.
- Functional and user-friendly processes and technology platforms and systems need to be created and implemented.
- Creating aligned approaches across the organisation, especially relating to direct marketing, data subject, incidents and breaches.
- Customer and third-party engagement strategies will need to be re-designed to meet the new requirements.
- Alignment throughout the business, especially when it comes to big corporations comprising multiple business units, departments, additional legal entities and branches.
- Constant communication enforcing a culture of awareness and commitment to the safeguarding and protection of personal information.
“Many companies will be faced with the challenge of fostering a culture where employees feel connected whilst still adhering to the information privacy requirements. Companies are going to become increasingly reliant on the integrity and establishment of trust with employees when working offsite and being required by law to protect information.”