Despite signing the Protection of Personal Information (POPI) Act into law two years ago, government has still yet to announce a commencement date for the Act.
The POPI Act aims to promote transparency with regard to what information is collected and how it is to be processed. The law will essentially make South African companies globally competitive in terms of international data exchange laws.
In terms of the Act, Parliament must now appoint an Information Regulator to enforce the new legislation. Parliament asked for nominations for the position of the Information Regulator and candidates were nominated by 14 August 2015.
ITWeb says the delay comes at a time when cyber leaks and hacking threats are on the rise globally, with SA being no exception. According to Fortinet’s Africa Regional Director, Perry Hutton, the healthcare sector is very vulnerable to cybercrime.
Parliament has now asked for another workshop to be set up next year for all relevant stakeholders to discuss various things like: Why POPI is important; how it will it protect the poor; who it will protect; the role of the Information Regulator; how it fits in with the Protection of State Information Act; as well as the Promotion of Access to Information Act.
Michalsons Attorneys says there are answers for all these questions, and they’re not sure why this workshop is necessary. Michalsons says all of these issues were discussed as part of the 10 year long legislative process of enacting POPI.
“Why is Parliament now reluctant to appoint the Information Regulator? Could it be that government (public bodies) have realised the Information Regulator is an independent body (like the Public Protector and other Chapter 9 institutions) that could hold government responsible for failing to protect the personal information of people that government processes?”
“Government bodies, like SARS and home affairs, process lots of personal information of all South African citizens, who require protection and recourse from transgressions in terms of POPI,” wrote Michalsons Attorneys in a statement.
The firm adds that in the absence of other information, it presumes the process to appoint the Information Regulator is on hold until after the workshop next year. “With local government elections next year in May 2016, we anticipate the POPI commencement date will be in the second half of 2016.”
Meanwhile, Francis Cronjé, a corporate governance expert who is also CEO of InfoSeal and MD of franciscronje.com, believes the delay can be seen as good news for local businesses in their efforts to become compliant.
“Our experience has shown that very few organisations are POPI-ready and are having difficulties implementing the conditions associated with POPI across their business. Additional time could alleviate those concerns,” Cronjé told ITWeb.
It does, however, not bode well for those persons awaiting better protection of their personal information and subsequent delays might cause individuals and organisations alike to doubt the importance of one’s right to privacy, he points out.
“This, coupled with persons’ constitutional right to privacy, should prevent organisations from taking a lacklustre approach and POPI delays are no excuse from being pro-active in ensuring the protection of all persons’ personal information,” concluded Cronjé.