Popi act
Does PoPIA Force Businesses to Rethink Data Strategies for the Better?
The moment has arrived: last week the Protection of Personal Information Act (PoPIA) came into force. It hasn’t been sprung on us, the process has been ongoing and businesses have been anticipating their compliance obligations for years. PoPIA, much like the General Data Protection Regulation (GDPR) in the EU, exists to support the protection of personal information processed by public and private organisations. There are strong penalties for noncompliance. PoPIA is Live Now that the Act is live, there are several ramifications for businesses, but a few – anecdotally at least – have given executives more sleepless nights than others. Companies must allow data subjects to object to their data being processed, as well as have the right to revoke previously given consent at any time. When a c...
PoPIA Deadline Extended – Information Officer Registration Portal Broken
After a series of technical glitches with the Information Regulator’s registration portal for information officers looking to achieve compliance with the PoPI Act, the 1 July 2021 compliance deadline has been scrapped. In a statement released on Tuesday, the Information Regulator said that this decision is also based on numerous concerns raised by responsible parties regarding the registration process. “The regulator is currently looking into alternative registration processes and will communicate this in due course. We understand that our portal malfunctioning has caused a lot of anxiety and panic and for that, we really do apologise,” Information Regulator chair Pansy Tlakula said. Deadline Extended by 1 Year With this, the regulator has extended the applications for prior authorisation ...
SA Schools May Face Penalties for PoPIA Non-Compliance
Image sourced from Business Tech. /* custom css */ .tdi_4_b41.td-a-rec-img{ text-align: left; }.tdi_4_b41.td-a-rec-img img{ margin: 0 auto 0 0; } With the third wave of COVID-19 crashing upon South Africans and amidst increasing calls for schooling to be temporarily suspended, it could prove helpful for educational institutions across the country to use the time away from teaching to put some focus into protecting their data privacy. Schools and other tertiary institutions store and process more personal information than most other organisations, they are by far the most affected by the Protection of Personal Information Act, No 4 of 2012 (PoPIA), which comes into effect on 1 July 2021. PoPIA Applies to Schools, Universities /* custom css */ .tdi_3_cab.td-a-rec-img{ text-align: left; }.tdi...
Cybersecurity Is More than A Tech Problem – It’s a Business Problem Too
Image sourced from Finance Times. A concerning number of South African companies are not prepared for the inevitability of a cyberattack despite the significant financial and reputational risks, according to Ryan Mer, MD, eftsure Africa, a Know Your Payee (KYP) platform provider. “Too few senior managers view cybersecurity as a business problem and not just a technology problem,” he says. “The reality is cybersecurity is very much a business consideration. CEOs and CFOs will eventually face critical questions such as: How much money do we spend on cybersecurity? Do we change key processes? How do we create awareness and change company culture? Do we put security ahead of operational functionality? What is the role of internal processes and staff on data security and integrity?.” Mer adds t...
Why POPIA Compliance is not just an IT Problem
Since its implementation in 2018, the General Data Protection Regulation (GDPR) has become a global standard in protecting end-users from the unlawful use or dissemination of their personal information. South Africa’s Protection of Personal Information Act (POPIA), set to commence in July 2021, is modelled on GDPR, and it affects all businesses. While many organisations believe that POPIA compliance will not affect them, or that it is just an IT problem, this is a short-sighted attitude that could see them falling foul of the law. Compliance requires business and IT to work together to manage data effectively, which at the same time provides a number of business benefits. The buck does not stop with IT POPIA is an umbrella data protection law that governs how businesses need to handle data...
How SMEs Should Protect Themselves from Cybersecurity Attacks
Stefan van de Giessen, General Manager: Cybersecurity at Networks Unlimited Africa Small and medium enterprises (SMEs) are widely acknowledged as playing a critical role in South Africa’s economy, and yet they are also potentially more at risk in terms of their ongoing survival than larger enterprises. According to a recent McKinsey report, SMEs in South Africa employ between 50 and 60% of the country’s workforce across all sectors. At the same time, SMEs arguably face a number of challenges, which can potentially weigh on them more heavily than on larger enterprises. These particular areas of concern include attracting customers; maintaining profitability; increasing revenue; facing greater uncertainty during economic down-turns, and securing financing for expansion. Now add in the issues a...
Why Security Systems are Only as Successful as the People Who are Behind Them
In May 2020, the personal records of more than 24 million South Africans and nearly 794,000 companies were handed over to someone impersonating a client. The personal records, identity numbers and addresses of millions of people and thousands of businesses were given to this person because they had fooled the system. It’s a hard lesson in how important it is to embed security not just into the technology and the devices of a company, but into its people. According to Anna Collard, SVP of Content Strategy at KnowBe4 Africa, security is not just the responsibility of IT – it is the responsibility of every single person in an organisation. “It is critical that organisations create a culture of security in order to combat this increasingly hostile security environment,” she adds. “A successful...
Security Flaw in Health Startup Exposed User Accounts and Medical Information
Sourced from LogBox. LogBox, a South African medical data startup that claims it is an “absolutely secure” way to replace paper forms and documentation in sharing patient data with doctors, has exposed user accounts and sensitive patient data following a lapse in security. Anurag Sen, a security researcher, found an exposed database belonging to the company. The database contained account access tokens for thousands of LogBox users, which if used would grant full access to the accounts and the information therein of users without even needing to input a password. Sen had reported to LogBox that their database has been exposed, but did not hear back. TechCrunch writes that the database has been pulled offline as soon as it reached out. LogBox’ database leak comes just as the country’s new d...
New POPI Act Regulations – Here’s Everything You Should Know
Sourced from Europa EU. Progress is being made to promote the protection of personal information in South Africa. President Cyril Ramaphosa has announced the commencement of parts of the Protection of Personal Information Act (POPIA). The remaining provisions of the Act will be addressed once the Information Regulator assume its powers, functions and duties in terms of the Act. The sections that will commence today, 1 July 2020 and include the conditions for processing personal information, procedures for dealing with complaints and provisions regulating direct marketing by means of unsolicited electronic communication. Sections 2 – 38, 55 – 109, 111 and 114 (1), (2) and (3) commences on 1 July 2020 and Sections 110 and 114(4) will commence on 30 June 2021. What does this mean? According t...
