Given the number of data breaches that have occurred recently, companies would be prudent to review their privacy policies and procedures, despite the Protection of Personal Information Act, 2013 (“POPIA”) not yet being fully operational.
A company cannot yet be fined by the Information Regulator established in terms of POPIA as it does not yet have these powers. However, if a company does not have adequate measures in place to protect the information of its clients or customers, and it is the subject of a data breach, it may be opening itself up to potential civil actions being brought by such clients or customers if they can prove that they had suffered damages because of such a data breach.
How does your company get adequate measures in place to protect its data? It is advisable to obtain the guidance of a professional such as an attorney or compliance officer to assist your company in the following:
Although the cost relating to the above may be discouraging initially, you may take comfort in the fact that your company will be protected in the event of any data breach which affects your company, with the added bonus of being POPIA compliant when the legislation is finally operational.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)