Government has accepted the Protection of Personal Information act. How can local businesses prepare?

The Protection of Personal Information act has been waiting in the wings of South African legislature for some time now.
This year, after several reconsiderations and movements through state administration, President Jacob Zuma is expected to sign the act into law – giving organisations that are responsible for handling sensitive information only twelve months to comply with its requirements.
The penalties for failure to do so are harsh. Entities that are unable to meet the Protection of Personal Information (PoPI) act’s guidelines will face fines of up to R10 million or 10 years in jail, may be required to pay out significant sums in damages in civil class actions and will certainly suffer reputational impairment as a result.
PoPI is a comprehensive statute that protects the integrity and sensitivity of private information. In response, entities operating in sectors that require personal particulars, such as financial services or telecommunications, will be required to carefully manage the data capture and storage process.
The act will apply to any information regarding clients or suppliers, including contact details and correspondence. Human resources and payroll data, curricula vitae, applications for employment, CCTV records, performance reviews and internal e-mail records are also subject to PoPI’s requirements.
Indeed, PoPI’s stringent cross-border data transfer expectations, under which information may not be relocated to countries with inadequate information protection frameworks, are also proving a challenge for entities that do business in Africa.
To prepare timeously, many organisations are scrambling to identify and implement tools that will aid in the protection of personal information.
In many ways, Mimecast’s information archiving, security and continuity offerings tick all the boxes.
Mimecast offers a cloud-based solution that enables employees to access corporate communication in a highly secure manner. This service incorporates stringent local data storage policies and includes tools to separate personal and business information within the organisation and enable secure, governance-based data transfers.
Significantly, Mimecast also offers an email branding solution that allows viewers to opt out if they deem the content inappropriate. This instrument is complemented by a monitoring system that enables the user to choose what they receive. These elements directly respond to PoPI’s stringent spam requirements.
Although these resources provide a robust resolution to PoPI compliance, what tools do they offer when an organisation is expected to respond to regulators?
In this event, Mimecast is equipped with a comprehensive eDiscovery and forensic solution that allows an entity to search the breadth of its internal data. This will undoubtedly prove particularly useful for organisations that are faced with allegations of data leakage or mismanagement of information.
The Protection of Personal Information act is a significant hurdle for local businesses to overcome. Although it will ultimately safeguard sensitive information, the road to corporate compliance may seem long and treacherous for many large entities.
Mimecast’s Unified Email Management, Large File Sending and Mimecast Services For Outlook (MSO 4) are arguably the most comprehensive and easily applied PoPI-friendly tools currently available. With legislation approval on the horizon, organisations are encouraged to begin making preparations.
Heino Gevers, Security Specialist at Mimecast South Africa.