at the end of January. Given the timing of the event in the annual calendar, it’s a great opportunity for organisations to remind themselves of their obligations to protect customer privacy over the coming year. In doing so, they will need to remember that privacy and security are two sides of the same coin.
This is increasingly important in the context of South Africa’s privacy law, the Protection of Personal Information Act . With large fines and potential jail sentences in the offing for non-compliance, the threat of reputational, financial and criminal risk for domestic firms has never been greater.was signed, heralding the first legally binding international treaty governing privacy. Yet, for decades after that date, consumer interest and awareness about privacy rights were limited.
That’s part of the reason why Europe’s GDPR was created. The first-of-its-kind legislation defined a swathe of new privacy rights for citizens, or “data subjects”, and demanded that the companies that they interacted with online respected these rights. Now the world, including South Africa, has followed suit.That’s wherecomes in.
This year’s Data Privacy Day marked just over 18 months since Popia became enforceable. And while the intervening time has been largely a time for the Information Regulator to educate organisations about their responsibilities, there are signs that the grace period may be coming to a close. According to
, the regulator “has indicated that it will not hesitate to show its teeth going forward and it is foreseeable that we may witness the first fine or penalty imposed under Popia this year”.This should be viewed as an opportunity, rather than yet another compliance burden for boards to manage.