We often hear complaints about the additional red tape that compliance with the Protection of Personal Information Act, 2013 (POPI) will impose on business. Although compliance will be a continual process, it should not be viewed as an impractical or overly burdensome task. POPI is not aimed at restricting business and should be applied practically. Often the answer involves common-sense measures that are relatively easy to implement without having a detrimental impact on your business.
Below are three reasons why POPI is good for us:
1. The right to privacy
The right to privacy in section 14 of the Constitution is broad and covers the privacy of your possessions, property and communications. The Constitution is effective in protecting people from the abuse of state power, for example unlawful searches by the police. It is seldom used to protect individuals against everyday violations of privacy – the direct marketer who won’t take you off its mailing list, your sudden inclusion on a database for which you did not give permission, or your former employer who retains your personnel file indefinitely without reason. POPI is a mechanism that enables people to access and enforce their privacy rights at a day-to-day level. For example, a person can request deletion of their irrelevant or out-dated personal information. The Act also appoints a regulator whose function it is to ensure that privacy rights are respected and upheld.
2. POPI is good for business and foreign investment
A number of jurisdictions around the world have already implemented data privacy legislation. Those laws govern the ways in which companies in those jurisdictions may transfer personal information to South Africa. As information has a central role in the modern global economy, restrictions on its flow hamper international business. POPI brings South Africa into line with international best practices in the field of data privacy. This makes South Africa a more appealing destination for foreign investment than countries which do not adequately protect personal information.
3. POPI will instil a culture of data security and data protection
South Africa is reported to have the third highest rate of phishing attacks in the world and it is estimated that South Africa loses R1billion a year due to cybercrime-related activities. Approximately 70% of South Africans have fallen victim to cybercrime compared to the global average of 50%. The FBI lists South Africa as the sixth most active country in which cybercrime takes place.
POPI requires organisations to implement minimum data security measures and standards. Greater security around personal information will make South Africa less appealing to cybercriminals. In addition, POPI provides the framework for the development of a culture of data security amongst individuals. It can be expected that as awareness of data security grows the likelihood of falling victim to cybercrime scams, such as phishing attacks, will fall.