Protection Of Personal Information Act

Popi text with lock icon

SA’s largest data breach & how you can protect your data

It turns out SA’s largest recorded data breach was traced to a Web server registered to a real estate company based in Pretoria, Jigsaw Holdings. They are a holding company for several real estate franchises including Realty1, ERA and Aida. Apparently, this website had exceptionally lax security and contained a database of 75 million records, including the records of 60 million SA citizens.

It seems that hacking wasn’t required to get access to these records as the information was easily accessible on an open Web server. The same credentials were used everywhere and allowed full administrator access across all the databases on the server. All personal data was contained in a single database in clear text. It indicates an overall lack of even the most basic security awareness.

Jigsaw Holdings missed the mark on so many levels, information governance and security was never considered. Read more

Woman holding a holographic icon cloud

Processing child information: it doesn’t get more personal than that…

Before we talk about the challenges of processing the personal information of minors, let’s take a step back.

It feels like popi has been in this kind of legislative limbo for years. Oh wait, it has been years. There seems to be some movement lately. Since adv pansy tlakula and the other members of the regulator was appointed last year, they have had their inaugural meeting. Despite a lot of speculation, there has been no indication of when the act will become effective. But we will be watching…

Read more

risk street sign

You have a data breach…now what?

Data breaches are almost inevitable. So, in addition to working towards preventing data breaches, you should be asking yourself whether your business is ready to respond quickly and effectively when the pawpaw (or POPIA) strikes the fan.

When you look at data breaches around the world, businesses often get into hot water for not being prepared to deal with data breaches. Your response must be swift, it must give the affected people the tools to protect themselves, must not open you up to liability (the legal stuff like fines and civil actions) and you must manage the PR fallout. The harm to your reputation is the biggest risk when a breach happens.

Read more

woman holding a holographic cartoon cloud filled with icons

Justice and correctional services committee recommends candidates for information regulator, SAHRC and NCCS

Below please find the official press release form parliament:

Parliament, Wednesday 18 May 2016 –The Portfolio Committee on Justice and Correctional Services met and recommended candidates for the Information Regulator as well as the South African Human Rights Commission (SAHRC).

Subsequent a briefing yesterday by the Department of Justice and Correctional Services pertaining to the list of candidates that should be appointed and serve on the National Council for Correctional Services (NCCS), the Committee was in concurrence with the proposed candidates by the Minister of Justice and Correctional Services as to the public representatives who should serve on the NCCS. Read more

Cyber lock

POPI and Human Resources

The bulk of personal information in a particular business is often found in Human Resources (HR) departments. Yet, HR departments are often overlooked in the compliance exercise – partly because employee personal information is seen as less important and risky than customer personal information and because of the enormity of the task.

Read more

risk street sign

POPI is signed into law — what should business know right now?

There are a couple of things that have to happen before the Act will become a reality for business: The President has to publish a commencement date in the Government Gazette; then businesses will have at least a year to comply; then an Information Regulator will have to be appointed and its office established.

Read more

German Federal Court of Justice establishes verification duty for online review portals

On March 1, 2016 the German Federal Court of Justice ruled on the duty of an online review portal operator to verify reviews.

Five Strategies to Protect Your Organizations in the Cybersecurity Age

“That means any business can be a target and suffer the consequences of a cyber-attack, and every business needs to take appropriate measures to protect itself.” This article gives five steps that every company can afford to take to protect itself against cyber attacks.

Protect data availability to comply with POPI

“Protecting customers’ personal information against loss or damage is just as important for companies considering the Protection of Personal Information (POPI) Act as protecting it against theft and unauthorised access.”


Get a head start on POPI with these 5 tips

“If one considers that between 70% and 80% of South African adults have been victims of cybercrime in their lifetime, the Protection of Personal Information (POPI) Act is an essential leap forward in South African legislative terms, as it is the first piece of legislation to specifically address, as its main objective, the protection of personal information.”