Meeting the challenge of POPI

August 6, 2017

Complying with the Protection of Personal Information Act (POPI) will mean taking a long hard look at your organisation’s applications and databases. The same kind of methodical approach that got us successfully through the Year 2000 crisis is needed.

SA technology innovator and leader in the capture and analysis of information, Argility, highlights the challenges around POPI compliance.

Argility CEO, Marko Salic, notes that 18 years ago, the world was in the throes of the Year 2000 (or Y2K) crisis. The IT Industry solved the problem by sheer bloody-minded persistence, creating and executing massive projects to locate and fix lines of code that used the two-digit date format, and might be compromised by the arrival of a new year using the “00” that could mean 1900 as well as 2000.

“A similar, though smaller challenge, faces South African companies as POPI comes into effect. Fundamentally, the Act requires any South African institution or juristic person to collect, process, store and share a third party’s information in line with certain requirements. The intent is to protect valuable personal information, and to ensure that individuals never lose control of information about their identity and thus, by implication, that identity itself,” says Salic.

In order to comply with POPI, organisations will need to identify where this kind of personal information is stored on their systems, and then put measures in place to protect it from hackers, and from being used improperly by the organisation itself. “As in the Y2K case, it is highly likely that this information will be found in disparate places across the organisation’s databases and applications. Most organisations have an untidy patchwork of legacy systems that have grown organically rather than been designed from scratch. Just tracking it down will be a significant task.

“Only once the location of the personal information has been ascertained can the appropriate policies be implemented.”

Salic confirms that at the practical level, organisations must first understand that POPI compliance is essentially a business issue. “The fines from non-compliance can range from a hefty fine or a gaol sentence, or payment to those whose information has been compromised. There is also the question of reputational damage. The business therefore has to take ownership of POPI compliance, and ensure that a team is in place. It should not be seen as an IT issue, although IT will of course assume responsibility for the information that is stored and processed digitally – but personal information may also be stored and used outside of the IT system.”

The good news is that the date by which POPI will become effective has not yet been announced. “There will be a year’s grace period for organisations to comply, so it would appear that the earliest date would be in December 2018. But this should not be seen as an excuse for putting POPI compliance on the back burner. This is a very large elephant that will have to be eaten in small mouthfuls – best to begin now to avoid indigestion later,” Salic concludes.

Latest Posts

Enjoying our blog? See the latest posts!
May 9, 2022
Best value from a Fleet Management Information System & GPS/Tracking

by Johan van Niekerk, Fleet Solutions Consultant, FleetDomain – part of the Argility Technology Group. The internationally accepted format of managing a fleet effectively, is that of: Assets; Fleet Operations; Driver and Safety Management. These matters are in turn all inter-related when it comes to determining the total cost of ownership (TCO); cents per kilometre […]

Read More
March 18, 2022
Real fleet management in the future fleet world

A fleet management information system allows fleet managers to leverage their drivers as assets, rather than liabilities. By Johan van Niekerk, Fleet Consultant for FleetDomain. Research indicates the global fleet management market is expected to grow to $34 billion by 2025 at a compound annual growth rate of 11.3% during the forecast period. These statistics […]

Read More
January 14, 2022
Smollan acquires Argility Technology Group

The Argility Technology Group (ATG) has announced an exciting business development as it becomes part of a global enterprise – the Smollan Group – an intelligent commerce solutions business, driving sustainable growth and operational excellence. Smollan has acquired ATG from Capital Eye Investments – a private equity and venture capital company that invests in technology-driven […]

Read More
Copyright @2020 FleetDomain
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram