by Anne-Marié Pretorius
The Protection of Personal Information Act (POPI) is an opportunity for South African corporates to enforce sound business practices across the board and effectively ‘clean house’. South African companies are on the low end of the spectrum when it comes to information security spending, but POPI encourages employers to update the aspects of business where personal information is affected. This is especially relevant where many large companies have been guilty of taking a reactive approach to POPI, which could have severe consequences.
Companies are adopting a ‘wait-and-see’ approach with POPI because a regulator has not been appointed and an official deadline hasn’t been formalised. Companies need to drop this methodology, considering the substantial time and focus that POPI implementation requires. Organisations that fail to comply with the new act may face severe punitive consequences.
What are the implications for SA’s international partnerships?
Europe enforces strict personal information security conventions and South Africa – as a major trade partner – will need to follow similar guidelines. Increasing data security and quality, among other things, will greatly benefit those businesses that rely on trade with Europe and the US.
Look internally for security breaches
Security breaches at a business level are not always external. Often, they come from inside, in cases like the ‘innocent’ sharing of passwords, scribbling those passwords onto scraps of paper or leaving portals logged on when leaving a workstation.
Education is a critical step in the adoption of POPI – specifically laying out what is and isn’t acceptable in the workplace. A good example of this is the company’s printers. We’re all guilty of printing documents and forgetting to collect them from the communal printer. Printers are a huge risk area and may often be the source of company fraud.
Implement solutions now to address the future
It is recommended that companies use multifunctional project teams to implement the change management process required to comply with POPI as this creates the required focus and momentum.
Approaching POPI from a legal perspective or compliance perspective only is not the correct way to tackle this diverse act. It’s critical to manage it holistically and with a customised team that can effectively cover all elements including systems, people and IT.
This article first appeared on HR Pulse.