P.O.P.I stands for the ‘’Personal Information Security’’ Act (which is where the ‘’A’’ comes from in POPIA). This rule is for corporations and individuals who process the personal details of their clients (or other people). This applies to everything from contact information, medical and financial records, age, gender, race, ethnicity, email accounts, phone messages, and the list goes on in layman’s terms. Basically, if its private information that belongs to a person, the POPI act covers and protects it. Does this mean we are not allowed to have the phone numbers of our friends and family saved on our phone? No, nothing extreme like that. More like a school ground boss, than a policeman, you are not authorized to collect and process personal data. It is simply adding rules that restrict what you can do with that data. This is done to preserve the privacy of all concerned individuals.
WHY IS POPI NEEDED?
Knowledge has become increasingly simpler and easier to find since the advent of the internet. A couple of Facebook and LinkedIn clicks, and you can know almost anything about someone. That is all the data, though that they have publicly released themselves. What happens when without their knowledge, information is published about their medical or financial history? That is why they put in place the POPI Act. To safeguard a person’s more personal details. When applying for a new bond, purchasing something online, or filing in an online survey, this data may be something typed in.
WHAT DOES THIS MEAN FOR COMPANIES?
Well as the POPI act relates to a wide range of industries and types of knowledge, this is a very broad issue. That said some of the key constraints on the POPI act are as follows:
The information must be relevant to the business
This ensures that a business that simply requires your contact information for example, a marketing company will not request medical records or bank statements.
Security measures are needed
To protect the information, organisations that collect information are expected to have security measures in place.
Expiry dates on information
Companies are only permitted to hold onto information for as long as they need it.
Data must be made available for the customer
Any customer who has provided the company with information has the right to ask the company for it and they are obliged to supply it. These are just some of the few areas covered by the act of POPI, and they illustrate why it is important. It functions both as a security net for personal data and as a safety net for business that process personal data.
THE GDPR: EUROPE’S POPI
There are more advantages to be had here, however, than just the security of South African records. Getting the POPI Act in place opens the door for EU companies to participate in online business. They have tighter and more rigorous rules on data security in Europe. With the POPI Act in effect, EU companies will be more likely to conduct business with South African small medium-sized enterprises, as they can trust us with more confidential details. For IT-based South African firms, this will open a lot of doors if they are POPI-compliant.
HOW DO I BECOME POPIA COMPLIANT?
There are many several businesses that provide workers POPI preparation, as well as POPI evaluations and solutions. This can be anything from sending someone to review your business and write a report on your POPI protection, to sending a consultant to do the above and then fixing all the issues. A DPO (Data Protection Officer) is also hired by many businesses. On a day-to-day basis, he or she oversees the general POPI security levels of the company. In addition, to protect your business from outside attacks, you can employ a company to install protections on your server.