POPI Act: countdown to compliance has begun
Published on 08 Jul 2020
The South African President proclaimed 1 July 2020 as the effective date for a number of remaining sections of the Protection of Personal Information Act (POPI Act).
Companies have a 12-month grace period in which to ensure their data processing and protection policies are updated, staff are trained and compliance can be appropriately evidenced.
After the grace period, the information regulator will have the power to conduct investigations into data breach events, as well as impose significant penalties on organizations that are negligent when it comes to the protection of personal data. The Act makes provision for fines of up to R10-million and possible jail time as penalties for failing to comply with its data protection requirements.
Our expert’s view on what organizations and individuals should do to protect personal information during this time
Consumers should continue to be vigilant about protecting their own data by never sharing personal information or banking details unless absolutely sure that the website is legitimate. It is also crucial that consumers educate themselves on what their service providers will and won’t do, as well as be aware of new scams that are being used to steal personal information.
Unfortunately, in a crisis such as the COVID-19 pandemic, the resulting fear and anxiety create a fertile environment for cybercrime. Phishing is on the rise, with numerous scams using COVID-19 fears to trick anxious people into clicking links or downloading documents that contain malicious software (malware). Emails asking for donations and claiming to be from legitimate sources, like the WHO, are doing the rounds.
Individuals need to be vigilant and not share their personal information on any site unless absolutely sure of its authenticity. No legitimate organization will ask for internet banking information, such as a PIN code, by email, and any such request should be reported directly to the bank’s security team.
Organizations must continue educating customers about what they should, and should not, expect to receive by email. Most organizations, especially banks, publish information about scams that use their brand on their website. In a time of anxiety and stress, this information should be provided to customers through as many channels as possible to minimize the likelihood of a customer getting scammed.
Both organizations and individuals must take responsibility for continuously improving the protection of personal information, because the sad fact is that cybercriminals continuously improve their devious methods. With the countdown to compliance now set, at least we know that data protection will be legally enforceable from July 2021.
We can help ensure your customers’ personal information is protected throughout the communication lifecycle
Striata is a leading provider of digital customer communication solutions that improve customer experience and advance the digital transformation of a company’s communication strategy.