HR Pulse

Profile

Layout

Direction

Menu Style

Cpanel

POPI offers SA business the chance to clean house

Anne-Marié Pretorius
ARTICLES

 http://pixabay.com/p-268134/?no_redirect

The Protection of Personal Information Act (POPI) is an opportunity for South African corporates to enforce sound business practices across the board and effectively 'clean house'. South African companies are on the low end of the spectrum when it comes to information security spending but POPI encourages employers to update the aspects of business where personal information is affected, especially where many large companies have been guilty of taking a reactive approach to POPI – which could have severe consequences.

Companies are adopting a 'wait-and-see' approach with POPI because a regulator has not been appointed and an official deadline hasn't been formalised. Companies need to drop this methodology, considering the substantial time and focus that POPI implementation requires. Organisations that fail to comply with the new act may face severe punitive consequences.

What are the implications for SA's international partnerships?

Europe enforces strict personal information security conventions and South Africa - as a major trade partner - will need to follow similar guidelines. Increasing data security and quality, among others, will greatly benefit those businesses that rely on trade with Europe and the US.

Look internally for security breaches

Security breaches at a business level are not always external. Often, security breaches come from inside cases like the 'innocent' sharing of passwords, scribbling said passwords onto scraps of paper or leaving portals logged-on when leaving a work station.

Education is a critical step in the adoption of POPI – specifically laying out what is and isn't acceptable in the workplace. A good example of this is the company's printers. We're all guilty of printing documents and forgetting to collect them from the communal printer. Printers are a huge risk area and may often be the source of company fraud.

Implement solutions now to address the future

It is recommended that companies use multifunctional project teams to implement the change management process required to comply with POPI as this creates the required focus and momentum.

Approaching POPI from a legal perspective or compliance perspective only is not the correct way to tackle this diverse act. It's critical to manage it holistically and with a customised team that can effectively cover all elements including systems, people and IT.


Anne-Marié Pretorius is a partner at Bizmod. She has 13 years’ experience in banking, telecommunications, information technology and insurance. The bulk of Anne-Marié’s experience has been in projects that have focused on system implementation and mergers, restructures and project-based project management.

Her consulting career has seen her working with all levels of organisations and delivering high-quality results at each stage. She believes in going the extra mile and developing innovative ways to address issues and overcome obstacles.

Anne-Marié has a degree in law and an honours in human resource development from the University of Johannesburg. She also has an MBA from Unisa.



BLOG COMMENTS POWERED BY DISQUS