The latest country to enact stringent data privacy legislation is South Africa, with the new Protection of Personal Information Act (POPI Act or POPIA). POPI sets a new standard for the processing of South African constituents' personal information by public and private bodies within and outside of the country’s borders. Organisations doing business in South Africa need to ensure their information security practices are updated to meet POPI compliance.
What is the purpose of the POPI Act?
The POPI Act sets in place regulations governing South Africa’s constitutional right to privacy by safeguarding personal information when processed by a responsible party; balancing the right to privacy against other rights, particularly the right of access to information; and protecting important interests, including the free flow of information within the Republic and across international borders. It also aims to regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information.
What information security measures do I need to take?
Section 19 clearly lays out what you need to do from a security perspective in great detail. Here’s a quick summary of what’s required for compliance:
1. A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent:
2. In order to give effect to subsection (1), the responsible party must take reasonable measures to:
The responsible party must have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.
Seven practices to defend and protect personal data in your care
With penalties for data privacy violations growing in South Africa, and worldwide, organisations need to quickly assess their information security practices. The key to success is to balance the pervasive access to information made possible by enterprise collaboration applications – including data sharing tools, messaging apps and e-mail – with the need to maintain compliance with POPI and other regulations. Collaboration tools quite simply make it easy for employees to inadvertently share regulated information with unauthorised parties, or worse, steal it for malicious purposes. Regardless of the cause, your organisation is on the hook in the event of a breach.
“While this may seem like a daunting task, there are many solutions that can help you ensure POPI compliance and mitigate risk. A data-centric approach to managing compliance is a must to comply with POPI,” said Sean Glansbeek, CEO at Private Protocol.
Protection must be applied to the data itself, as opposed to just the application or container in which it resides, to best protect against breaches and compliance violations as it passes through digital hands within and outside your organisation.
Nucleus Cyber offers an advanced information protection solution that can help ensure your organisation is in compliance with the POPI Act information security mandates. The company’s NC Protect solution provides a simpler, faster and more cost-effective way to tailor information protection and control user access to, and sharing of, regulated personal data and other sensitive information (intellectual property, financial information, healthcare information, HR documents, etc) in file sharing, messaging and chat across cloud, on-premises and hybrid collaboration tools.
NC Protect empowers organisations to implement and enforce POPI information security measures with an automated solution to:
Ensure compliance without sacrificing collaboration
Protecting data governed under POPI is of utmost importance for organisations doing business in South Africa – not doing so will harm both your brand’s reputation and your bottom line. Organisations must strive to keep the right balance between what users need from a collaboration perspective and what the organisation demands from a security perspective to remain in compliance.
NC Protect’s advanced information protection capabilities can help you ensure compliance with POPI, as well as other international data regulations and business policies – without sacrificing the advantages of collaboration.