We believe that the aim of the PoPI Act is to balance the right to privacy with the right to access the personal information of individuals and businesses. A difficult balancing act at the best of times.
Legal compliance by all businesses is for a very good reason. Issues such as cybercrime, the ease with which personal information can be exchanged, identity theft, and the sophisticated methods criminals employ to get unsuspecting individuals to part with key information, are some of the reasons why the Act is important. And also necessary. Cybercrime occurs and the perpetrators continuously learn new methods.
Protecting the personal information of clients, suppliers and employees is a key responsibility of business. Compliance with the Act is not a once-off exercise. It is an ongoing journey. Accept that your systems and controls will be tested. Avoid your company becoming a data breach statistic.
The responsibility for compliance rests with the top management of every company. The CEO is the identified Information Officer in terms of the Act. He/she is likely to be dragged before a court of law and potentially embarrassed in the media should a data breach occur. Not to mention the direct financial cost associated with it.
Be proactive. Develop and implement an incident management policy and procedure. Test it. Be ready to launch it as soon as a breach occurs. Remember, no systems are failsafe.