POPI: are you clear and compliant?

While only certain sections of the Protection of Personal Information (POPI) Act have been implemented since the Act was made law on 26 November 2013 – largely pertaining to the establishment of the Regulator – the majority of the Act will commence once the implementation date has been proclaimed by the President.

Commencement of the Act in its entirety will put much pressure on advertising agencies and direct marketers to comply and, according to a speech by POPI expert Gareth Cremen of Ramsay Webber Attorneys, agencies should be working with their IT partners now to store their current client data bases before the Act is officiated, as strict new procedures for storing new client information will be required once it commences in its entirety.

POPI brings with it the potential for hefty fines should a company violate the Act without “reasonable defence”, so it is vital to note that companies will be expected to appoint an Information Officer, who will be responsible for the storage, dissemination and management of all clients’ personal information. This individual must be familiar with all aspects of POPI and its impact on their own and their clients’ databases.

Independent research clearly shows a need for agencies to become more aware of the impact this Act will have on day-to-day business. It is a real issue and should be taken seriously, and companies would do well to have experts on hand to assist.

In light of global data security breaches like hackers releasing personal information from a variety of sites – including the now-infamous AshleyMadison.com, Dropbox and payment-enabled sites – taking action before POPI is fully functional will give companies a studier platform from which to operate in the event of an issue cropping up. Business continuity is paramount in our industry and playing catch-up in the event of a POPI-related issue will put agencies and marketers on the back foot.

It’s not all scary news, though – POPI is certain to assist in curbing identity fraud and misuse of client information. However, the ramifications for non-compliant direct marketers and advertising agencies may have significant consequences.