GOVERNANCE - POPI & ARABELLA
for the estate should a breach or compromise occur .
Governance of the POPIA implementation
A number of governance and management aspects , including the appointment of an information officer and deputy information officer within the HOA , were implemented , as well as a number of policies and notices that provided much of the evidence of the POPIA preparation project . Risks relating to personal information were also identified and included in the estate ’ s risk management processes . The HOA team were also trained in the various aspects of the Act to ensure that they fully understood the implications of the legislation when handling personal information .
Benefits of the POPIA project
The key benefits of the project are to ensure that appropriate and reasonable measures for protecting personal information are implemented , and in the event of a legal claim arising , that they will be able to demonstrate due care with regard to POPIA compliance . It is hoped that this will result in greater leniency should penalties be imposed than would be the case if the estate had not implemented the appropriate measures . Further benefits include gaining the invaluable trust of residents and prospective homeowners as well as external stakeholders . The tools and support provided by IACT Africa have given the project a sound foundation on which to build , enabling Arabella to accelerate implementation and reduce their costs .
Being awarded POPIA compliance certification
Complying with laws and regulations is often seen as a necessary evil , but compliance can be a positive practice that results in benefits , provided the appropriate focus is in place .
As with any law , the steps that an organisation takes to comply are often open to interpretation . In the case of POPIA , organisations are expected to apply appropriate and reasonable organisational and technical measures as stated in the security safeguards condition in the Act and apply these as a guiding principle .
The approach recommended by IACT Africa and applied during the project was based on implementing appropriate and reasonable measures in line with the eight conditions for the lawful processing of personal information as well as six other areas in the POPI Act . The measures included :
•• Internal and external assessments
•• Compliance accountability structures
••
Publication of a POPI Act compliance privacy notice and related policies
••
Amendments to existing contracts and policies in line with POPI Act compliance requirements identification and recording of areas in which personal information is stored and processed
••
Stakeholder training and employee commitment to protecting personal information
“ The purpose of the POPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting , processing , storing and sharing another entity ’ s personal information by holding them accountable should they abuse or compromise your personal information in any way ,” explains Dirk Uys , Estate Manager of Arabella Country Estate .
“ WE ARE VERY PLEASED TO HAVE RECEIVED OUR COMPLIANCE CERTIFICATION AND BELIEVE THIS IS JUST ANOTHER STEP THAT WE AS THE ESTATE ARE TAKING TO SHOW OUR STAKEHOLDERS HOW MUCH WE VALUE THEIR AND OUR OWN PRIVACY .”
While there is no POPI Act related case law as yet , the significance of Arabella ’ s compliance measures will stand up strongly in a test of reasonableness in the event of a court hearing . The adoption of international privacy and data protection legislation will also become important as time goes by , in particular the European Union General Data Protection Regulation .
John Cato
PAGE 29