POPI Governance

Previous articles published by TOSMS covered the Information Officer and Deputy Information Officers, subjects that fall under the TOSMS workstream called “Governance”. Those articles also touched on the fact that a number of governance issues arise because of the Protection of Personal Information Act without being explicitly stipulated in it.

Addressing Governance is key for a sustainable POPI outcome

The following series of articles will cover five aspects of governance that are a direct consequence of POPI and that need to be factored into a company’s compliance plans if the aim is a sustainable outcome.

  1. POPI Compliance Implementation – An obvious governance issue for a company is how formalised the process should be when it comes to making changes to systems, processes, staff roles and records in its operation as a result of the impact of POPI on the organisation.
  2. POPI Compliance Framework – Although a compliance framework is not explicitly stated in the Act as a requirement, the Act does state that the responsible party must ensure that all the conditions for lawful processing of personal information are complied with.
  3. POPI Regulator Interventions – The Act covers a number of situations where regulator engagement occurs.
  4. New POPI Requirements – There are two issues here that have to do with governance when the government introduces changes to the legislation.
  5. PAIA Integration – The Promotion of Access to Information Act has risen in prominence since the introduction of POPI, as there are specific requirements in POPI that refer to PAIA.

Each of the five aspects above will be covered in articles by TOSMS over the next couple of months. The articles will give practical insights into what to take into account to satisfy governance requirements when implementing POPI solutions.