The Protection of Personal Information Act (Popia) was signed into law in 2013 but has still not come into full operation.
Since it was signed, businesses have been advised that its full operation was imminent but “we are still waiting for this to happen”, say attorneys Smith Tabata Buchanan Boyes.
Recently, the Information Regulator asked the president to proclaim the Popia commencement date as April 1, which would make the compliance deadline April 1 next year.
However, with the Covid-19 pandemic, added to the financial impact of Eskom and SAA’s problems, commentators are not convinced this will happen. Still, this should not translate into procrastination, say the attorneys.
“The Popia is good business practice in operation, requiring proper data management processes. “It is good business sense to know what data you have, why you have it and what you do with it.
“Whether it comes into effect on April 1, or sometime later this year, do what is reasonably practicable in your business to start aligning your practices with the requirements of the Popia.
“Appoint an information officer, train your staff and put policies in place because, ultimately, it is coming.”