Take POPI serious!Date posted: 07.06.2016 | Author: Harry Bovensmann
A lot of businesses are still not taking the Protection of Personal Information Act POPI serious. A recent survey has raised concern about a lack of awareness among South African organisations about the legal requirements around storing and disposing of confidential data outlined in POPI. Organisations which do not adopt the act after this time could face financial penalties of up to R10m, or a prison sentence of up to 10 years.
More than three-fifths of small and medium enterprises (SMEs) surveyed and a third of larger organisations in South Africa surveyed believe Popi does not apply to their business, according to the first South Africa State of the Industry – Information Security report conducted by research body Ipsos on behalf of information security company Shred-it. Findings of the survey, which was launched on Friday last week, show C-suite executives (70%) are more likely than SMEs (37%) to understand the implications the Popi Act has on their business. Although the act is yet to be fully implemented, once it comes into force businesses are given a grace period of just one year to comply.
There is a worrying gap in knowledge for employees, resulting in personal information potentially being compromised as they are unaware of how to correctly protect, process and securely dispose of data.
Businesses can increase security by implementing a Clean Desk policy, which means all information must be secured, for example in a locked drawer, when an employee is away from their desk, and a Shred-it All policy, which means that all office paperwork is destroyed before being recycled. Some companies have already responded to these security risks, with 80% of C-suites and 64% of SMEs stating that they have a Clean Desk policy in the workplace.
By neglecting to put policies in place, businesses are at serious risk of a data breach which causes significant legal, financial and reputational harm.
The survey results indicate a need for government to take action and help South African businesses understand their information security priorities, with both C-suite respondents (47%) and SMEs (55%) saying government commitment to information security needs improvement.