BreachExchange mailing list archives

POPI: are you clear and compliant?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 29 Oct 2015 19:28:24 -0600

http://memeburn.com/2015/10/popi-are-you-clear-and-compliant/

While only certain sections of the Protection of Personal Information
(POPI) Act have been implemented since the Act was made law on 26 November
2013 – largely pertaining to the establishment of the Regulator – the
majority of the Act will commence once the implementation date has been
proclaimed by the President.

Commencement of the Act in its entirety will put much pressure on
advertising agencies and direct marketers to comply and, according to a
speech by POPI expert Gareth Cremen of Ramsay Webber Attorneys, agencies
should be working with their IT partners now to store their current client
databases before the Act is officiated, as strict new procedures for
storing new client information will be required once it commences in its
entirety.

POPI brings with it the potential for hefty fines should a company violate
the Act without “reasonable defence”, so it is vital to note that companies
will be expected to appoint an Information Officer, who will be responsible
for the storage, dissemination and management of all clients’ personal
information. This individual must be familiar with all aspects of POPI and
its impact on their own and their clients’ databases.

Independent research clearly shows a need for agencies to become more aware
of the impact this Act will have on day-to-day business. It is a real issue
and should be taken seriously, and companies would do well to have experts
on hand to assist.

In light of global data security breaches like hackers releasing personal
information from a variety of sites – including the now-infamous
AshleyMadison.com, Dropbox and payment-enabled sites – taking action before
POPI is fully functional will give companies a sturdier platform from which
to operate in the event of an issue cropping up. Business continuity is
paramount in our industry and playing catch-up in the event of a
POPI-related issue will put agencies and marketers on the back foot.

It’s not all scary news, though – POPI is certain to assist in curbing
identity fraud and misuse of client information. However, the ramifications
for non-compliant direct marketers and advertising agencies may have
significant consequences.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
