By Ben Bierman
A YEAR ago, President Cyril Ramaphosa declared that by July this year, South African businesses would be required to put necessary measures in place to become compliant with the new Protection of Personal Information (Popi) Act.
The act is to ensure better data and security management as well as accountability on how businesses use public data, bringing South Africa’s privacy laws in line with international standards.
It will also limit how companies use and store data such as customer email addresses (which might have historically been used for direct sales leads or dissemination of company newsletters).
Popi promotes the protection of personal information across the public and private sector. Historically, laws on the use of personal details were less stringent.
With data breaches on the rise, the Popi Act seeks to protect consumers from security breaches, theft, and discrimination.
Based on responsibility, security, and consent, Popi holds all data processors accountable, regardless of the size of their databases. Every business that is online and collecting data from customers is, unfortunately, vulnerable to a cyberattack. Therefore, small and medium enterprises (SMEs) are not exempt from needing to become compliant.
According to Accenture, South Africa has the third-highest number of cyberattacks, which collectively led to losses of more than R2 billion a year.
Recently, a leading health group fell victim to a sophisticated cyberattack,…