ABSTRACT
Privacy entails controlling the use of and access to place, location and personal information. In South Africa, the first privacy legislation, in the form of the Protection of Personal Information (POPI) Act, was signed into law on 26 November 2013. The POPI Act promotes the protection of personal information by South African public and private institutions and specifies the minimum requirements in twelve chapters, which include eight conditions for lawful processing of personal information. In 2012, CIBECS, as part of their State of Business Data Protection in South Africa survey, assessed, amongst other aspects, how prepared South African institutions were to comply with the then forthcoming protection of personal information legislation. Since that survey, the POPI Bill progressed to an Act and, more recently, in 2015, processes commenced to appoint the Information Regulator (in terms of the legislation), who would be responsible for enforcing the POPI Act. Due to the aforementioned developments and the looming enforcement date associated with the POPI Act, this paper assesses the level of understanding of the POPI Act by participants from South African institutions as well as the current level of compliance with the POPI Act. Specifically, the current level of compliance with Condition Seven of the POPI Act, relating to the confidentiality and integrity of electronic personal information, is explored. Furthermore, a view is provided of the financial value associated with the electronic personal information maintained, as well as the potential impact a data breach of electronic personal information may have on an institution.