https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Africa|Financial|Flow|Infrastructure|SECURITY|Services|Systems|Flow|Infrastructure
Africa|Financial|Flow|Infrastructure|SECURITY|Services|Systems|Flow|Infrastructure
africa|financial|flow-company|infrastructure|security|services|systems|flow-industry-term|infrastructure
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Latest Data Breach Shines Spotlight on Protection of Personal Information

Close

Embed Video

Latest Data Breach Shines Spotlight on Protection of Personal Information

Latest Data Breach Shines Spotlight on Protection of Personal Information

2nd July 2018

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

The recent cyber-attack and holding hostage of a South African insurance provider’s IT infrastructure has drawn attention to the dire need for effective protection of consumer data. While the company asserts that no financial losses have been encountered by any of its policy holders, it cannot currently confirm the volume of data and number of individuals that have been affected by this data breach.

Any organisation that handles consumer information will be significantly impacted by the introduction of data protection legislation. The Protection of Personal Information Act (POPI), which is expected to come into effect in 2018, prescribes how personal information may be stored, transferred and destroyed.

Advertisement

“All public and private entities will be required to comply with the legal obligations under POPIA,” says Billy Last, CEO of LexisNexis South Africa. “Non-compliance will result in severe penalties, fines and imprisonment in addition to reputational damage.”

Companies need to prioritise the enhancement of data security, the updating of vendor contracts and safeguarding trans-border flow of information. Entities will need to appoint an Information Officer and gain an understanding of the duties of the responsible party and the rights of the data subject, including how to be prepared and manage a data breach. 

Advertisement

The Information Regulator has been established and the draft regulations for POPIA published. Following the implementation of the Act, a grace period allows companies the necessary time to ensure that their systems are compliant and meet the requirements.

“It is important that companies do not wait until the grace period is over to make the necessary changes – in fact they should start now even before the Act is promulgated,” says Last. “The Act will also oblige companies to report data breaches and detail their strategy for rectifying same.”

Last said the newly released book, A Commentary on the Protection of Personal Information Act, examines the eight conditions of lawful processing, the difference between personal and special personal information and the exemptions, exceptions and exclusions as set out in the Act.

The authors set out the powers of the Information Regulator and possible fines, compensation and damages and cover the impact of the POPI Act on several important issues including employment law; non-automated and automated decision-making; outsourcing of processing; marketing and direct marketing; credit reporting and the Internet.

“This is the first South African publication that covers the requirements for compliance to the General Data Protection Regulation (GDPR) which came into force on 25 May 2018, linking the POPI Act to these compliance obligations and has application to SA companies,” says co-author Ahmore-Burger Smidt. “Companies that offer goods or services to people in the European Union (EU), or monitor the behavior of people in the EU, will have to comply with the GDPR.”

POPI will bring South Africa in line with international data protection standards. It is widely accepted that the European Union has been at the forefront of the development of the framework for the protection of personal information. It is for this reason that the authors of A Commentary on the Protection of Personal Information Act have relied extensively on the General Data Protection Regulation (GDPR) to provide guidance on how POPI is likely to be implemented.

A Commentary on the Protection of Personal Information Act retails for R500.00 excluding VAT and delivery and will be available for sale from 5 July 2018 from the LexisNexis online store.

Print ISBN: 9780409123418 and Ebook ISBN 9780639003542

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za