For South African based companies, the new Protection of Personal Information Act (POPI) is fast becoming a reality.
Consultants are driving this heavily and it seems that non-compliance could result in severe penalties for every transgression.
Your external board may even have requested that this new requirement is to become a priority on your list of governance items. IT along with your internal Audit & Risk department have been tasked to commence with this undertaking.
But how important is this really and how to approach it?
One of our IT Leader Mastermind groups recently tackled this question. Here is a summarised version of the outcomes.
Although there is no clarity on when POPI will become law, it is good business practice to attend to this proactively.
Eventually senior business leaders can be held personally liable for information breaches.
Generally, the POPI Act is a good thing as it forces businesses to start treating the handling of customer data as important.
A good first step is to classify all information assets (employee, client & supplier data) and broadly decide who should have access, for what purposes and for how long.
Only when this is in place, consider the technical aspects of how to implement these controls.
When it comes to POPI, nobody can ever be 100% compliant. The question is rather: What is the amount of effort you have applied to safeguard any personal information you collect as part of doing business? As long as you have good policies as well as good controls in place, you should be covered.
The last question is: Should this be a job for the IT department? General consensus is that IT plays a massive role in the process as they are ultimately responsible for the implementation, but they should work in close cooperation with the legal, audit and/or risk teams.
Business Agility Coach | Abundance Thinker | Helping Mid-Market Companies Evolve by Using the Kanban Methodology - As trained Industrial Engineer with close on 25 years' experience as IT Professional and Business Executive in the mid-market IT industry, Mathias Tölken loves to share his experiences and expertise with others.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.