POPI Act: reports of an official start date are falsePublished on 03 Apr 2020
It has been widely speculated that the South African President would proclaim 1 April 2020 as the official start date for the Protection of Personal Information Act (POPI Act). Despite a number of media reports stating this would definitely happen or had happened, the truth is – it hasn’t.
The President is understandably focused on managing the impact of the COVID-19 pandemic. And while data privacy remains an important issue, it becomes secondary when the health of South Africa’s people is under such dire threat.
Until the POPI Act is fully enacted, the information regulator can conduct investigations into data breach events, but lacks the legal power to impose penalties on organizations that are negligent when it comes to the protection of personal data.
Our expert’s view on what organizations and individuals should do to protect personal information during this time
Unfortunately, in a crisis such as the COVID-19 pandemic, the resulting fear and anxiety creates a fertile environment for cybercrime. Phishing is on the rise, with numerous scams using COVID-19 fears to trick anxious people into clicking links or downloading documents that contain malicious software (malware). Emails asking for donations and claiming to be from legitimate sources, like the WHO, are doing the rounds.
Individuals need to be vigilant and not share their personal information on any site, unless absolutely sure of the authenticity. No legitimate organization will ask for internet banking information, such as a pin code, by email, and any such request should be reported directly to the bank’s security team.
Organizations must continue educating customers about what they should, and should not, expect to receive by email. Most organizations, especially banks, publish information about scams that use their brand on their website. In a time of anxiety and stress, this information should be provided to customers through as many channels as possible to minimize the likelihood of a customer getting scammed.
Regardless of the start date for the POPI Act, both organizations and individuals must take responsibility for continuously improving the protection of personal information, because the sad fact is that cybercriminals continuously improve their devious methods.