FANews
FANews
RELATED CATEGORIES
Category Legal Affairs
SUB CATEGORIES General | 

KPMG: POPI takes effect

14 April 2014 KPMG

It has now been announced that certain sections of the Protection of Personal Information Act (POPI) came into effect on 11th April 2014. The relevant sections deal with the establishment of the information regulator, the procedure for making regulations and the nature of the regulations which the Information Regulator may make with regards to POPI (including how complaints will be submitted, investigations, administrative fines and the responsibilities of the information officer of a company), amongst others.

The fact that the provisions allow for the establishment of the Information Regulator before the remaining provisions of POPI become effective means that companies cannot rest on a belief that the establishment of the regulator will cause further delays with regards to the implementation of this legislation.

POPI aims to give effect to the constitutional right to privacy of consumers by introducing measures to ensure that organisations process personal information in a fair, responsible and secure manner. The legislation covers why and how they collect, use, disclose and store personal information belonging to natural and juristic persons.

Graham Teare, head of KPMG’s privacy multi-disciplinary team in South Africa, says, "Globally, we are seeing a move to enforcing privacy protection, with significant regulatory fines in the cases of non-compliance.”

All companies, that process personal information, are required to comply with POPI. Non-compliance has serious consequences, such as fines and possibly, prison terms, and most significantly reputational risk.

"Organisations should not underestimate the potentially negative effect of a non-compliance on the company’s reputation,” says Teare. "The consequences of a tarnished reputation, including customers’ loss of trust in the organisation could far exceed the effects of a fine.”

Nikki Pennel, KPMG legal privacy specialist, acknowledges that most companies have some sort of privacy standards and processes in place. However, she suggests that organisations conduct an analysis identifying gaps in their current state of privacy readiness for compliance with POPI.

"Critical to the gap analysis is identifying practical strategies which can be implemented easily and are aligned to the operations of business,” explains Pennel.

Teare suggests that "POPI should be considered from a number of perspectives - legal, business processes, systems and overall governance, amongst others.”

Complying with POPI is challenging as proven in the Breaches of Privacy and Loss of Data Survey, conducted by the Ponemon Institute (using 2012 data), on breaches of privacy in the United Kingdom. The survey identified negligent employees or contractors (37%), system and business process failures or glitches (29%), malicious or criminal attacks (34%) as root causes for data breaches.

"Companies therefore need to ensure that their current processes, employees or contractors and systems can handle the potential demands POPI could place on them,” cautions Teare. "The Act should not be viewed in isolation. It provides a broad framework but must work in conjunction with other industry-specific legislation which touches, to some extent, on data protection.

"POPI requires a dedicated team of specialists with a full complement of privacy experts to assist clients navigate the new legislation,” explains Teare. "An effective POPI team should comprise of specialists from Corporate Law, Information Technology, Regulatory Compliance team and Forensics. The POPI solution will have to be commercially-focused, client-centric and practical.”

Quick Polls

QUESTION

How effective do you think technology is in improving compliance processes for FSPs?

ANSWER

Very effective – it streamlines and automates processes
Somewhat effective – helps but can't solve all issues
Not effective – technology can't replace proper oversight
fanews magazine
FAnews August 2024 Get the latest issue of FAnews

This month's headlines

Women’s Month spotlight: emphasising people and growth in the workplace
The power of skills transfer and effective mentorship
Advisers and investors hold thumbs the GNU will restore bond and equity valuations
What are the primary concerns of insurers and brokers?
The Two-Pot System: regulatory challenges ahead
How comprehensive is your clients' critical illness cover?
Subscribe now