Telkom has announced that its CEO and executive director Sipho Maseko will step down on 30 June 2022. The telecoms company said the process to appoint a successor is well underway and a designated group CEO will be announced in the not too distant future.
It is possible that cooking oil prevented more looting in South Africa in the last week than the president, the ANC, the intelligence community, the army and the police combined. This, without question, says something about the versatility of the product. It says even more about the state of the state. When you are shown up by canola, you might want to revisit your strategy.ByHoward Feldman
Performance Media across Search, Social and Programmatic platforms is the single fastest growing area of digital media in South Africa. Combine that with the detailed analysis of campaign management, tagging and ad operations, and it becomes apparent that these highly specialist functions require a highly specialised unit.
The Transnet Port Terminals website has been hacked, implying that all companies under Transnet have been affected. All Transnet websites were down at the time when reporting was done for this SA Trucker article. The publication cited sources who requested to remain anonymous because they are not allowed to speak to the media.
The eleventh hour is upon businesses who are not Protection of Personal Information Act (PoPIA) compliant. The effective date of 1 July is upon us.
Photo by Scott Graham on Unsplash
Securing your data will help your business be in good standing with local and international partners. This will also enhance the reputation of your business and exempt you from fines and non-compliance.
Here are six steps your business can take before 1 July to be PoPIA compliant:
1. Encrypt everything
One of the major requirements under PoPIA is to ensure that you apply Generally Accepted Information Security Protocols. While these requirements are not the same for all organisations, some may apply to most businesses. One of these is that you need to secure all places where you store personal information: lock away any paper or file that contains customer information and limit access to the keys.
When it comes to computers, cell phones and servers, they need to be encrypted. Many versions of Windows have built-in encryption, but if you do not use one of those versions, it is time you start looking into encryption for your computers. At least all modern cell phones can be encrypted, and all mobile devices that process personal information need to be encrypted.
2. Train your staff
Now is the time to give your staff proper PoPIA compliance training, if you have not done so. With the PoPIA effective date coming closer, more people are claiming to provide compliance training. If you, like me, receive several emails a day offering PoPIA training, but they do not even state who the trainers will be, you have a cause for concern. This is why it is crucial to verify trainers’ credentials.
3. Enter into data processing agreements with operators
PoPIA requires a Responsible Party - the party that determines what to do with the personal information - to enter into written agreements with any other parties that will be doing further processing on their behalf. These agreements need to state how these operators will be required to process the personal information. Please note, this is not a contract with your customer; but these concern organisations handling personal information on behalf of your business.
When the Protection of Personal Information Act (PoPIA) comes into effect fully from 1 July 2021, there are some areas of possible dispute that could arise between employers and employees, including the monitoring of employee emails...
If your business is planning on engaging in direct marketing, PoPIA is very strict about requesting and getting consent from people outside your contact or customer list. The website of the Information Regulator contains sample documents of such a request, which may be sent via email as an alternative.
Also, keep a record of all such requests and responses, as you are not allowed to advertise directly to people that have not expressly opted in on these requests. Failure to reply to the request does not equate to consent.
5. Get some sort of database in place to record requests from data subjects
PoPIA guarantees data subjects or the people whose information will be processed the rights of access to, correction, or deletion of their personal information. All such requests must be recorded and stored, as well as the action taken. Please note that not all deletion requests have to be adhered to, such as when you are required to process the personal information in terms of a contract.
6.Update your PAIA manual
The Promotion of Access to Information Act (PAIA) requires all companies to have a PAIA manual, but PoPIA added several requirements.
It is, therefore, very important to ensure that you update your PAIA manual to become compliant with PoPIA. This exercise is not as easy as it may seem at first. If you have the funds, hire reputable experts to draft one for your company. If not, refer to the publicly available PAIA manuals of large South African corporations for guidance.
About the author
Rian Schoeman is the head of legal and chief privacy officer at LAWtrust.
LEGAL DISCLAIMER: This Message Board accepts no liability of legal consequences that arise from the Message Boards (e.g. defamation, slander, or other such crimes). All posted messages are the sole property of their respective authors. The maintainer does retain the right to remove any message posts for whatever reasons. People that post messages to this forum are not to libel/slander nor in any other way depict a company, entity, individual(s), or service in a false light; should they do so, the legal consequences are theirs alone. Bizcommunity.com will disclose authors' IP addresses to authorities if compelled to do so by a court of law.