POPI Update

Posted on

It appears that our readers are more attuned to complying with pending legislation than public enterprises.

Grant Thornton recently published an article titled: “Public Sector falling behind in POPI Act compliance”:

“More than one year after the Protection of Personal Information Act (POPI) was enacted the public sector has yet to take steps towards ensuring compliance.

“Despite an official commencement date for the legislation which is still to be finalised and announced, new research by Grant Thornton indicates that unlike the public sector, the private sector has taken substantial steps towards becoming compliant,” says Michiel Jonker, Director: IT Advisory at Grant Thornton Johannesburg.

“Several government departments are in possession of vast banks of personal information – from ID numbers, to addresses, marital status and even gun ownership details. They are therefore incredibly vulnerable to information theft and have to take drastic steps to ensure compliance with the POPI Act,” said Jonker.

He believes that the delayed announcement of the official commencement date is just one of the reasons for the Public Sector’s lack of action. In addition, the fact that POPI provides for an additional grace year from the commencement date to comply with its requirements, is also causing this ‘wait and see’ attitude.

“It is simply not treated as a priority at this stage. Municipalities collect and hold substantial personal information of their residents but do not have the capacity and resources to ensure POPI compliance. Most are dealing with major service delivery issues and financial performance priorities and, understandably, are paying little attention to this requirement of managing personal information,” warns Jonker.

A Moonstone Monitor reader in KZN recently enquired about possible workshops/seminars specifically on the POPI Act. We did conduct workshops in June last year, but indicated that there is still a lot that has to fall in place before it happens. We advised attendees to start looking at sources from which they obtain information, what they do with it, and how and where they store it.

We plan to schedule workshops once we have received the standards, codes of conduct, etc. and there is more certainty on effective dates.

We will be hosting workshops later in the year on other industry developments, including the Financial Services Regulation Bill, Insurance Law amendments, etc. Full details will appear in our newsletters.

If you want to know more, please download The Guide to Navigating POPI, published by Everlytic, which contains all the information you need to get set for the day it becomes a reality.