So, the Information Regulator had a press conference today (13 February 2017). We were waiting with bated breath to hear what the effective date was going to be. Alas (or mercifully, depending on your perspective), it seems that the Information Regulator will only be making a recommendation to the President regarding the effective date towards the end of the year.
The chairperson of the Information Regulator, Adv Pansy Tlakula, explained that the Regulator must first be fully operational and staff trained on the Act before it can become effective. There is also the matter of outstanding regulations. A refreshingly sensible approach if one things about the haphazard way in which the National Consumer Commission came into being.
She also pointed out that public and private bodies will have at least a year to become compliant, but remarked that ‘we are looking at 3 years probably’, which is the maximum deferral period provided for in POPI.
We will be keeping a close eye on developments over the coming months. The next interesting phase will be when draft regulations are published. In the meantime, we will keep unpacking the implications of POPI for business and government.
If you are wondering whether your institution should be doing something about data protection, the answer remains a resounding ‘yes’! Why? Well not because of POPI, but because data security breaches do not require legislation to be devastating to a company. Here is a wonderful infographic of the biggest breaches in recent history. But the reasons why good information governance is important are not only negative – it is good business and good for the bottom line.
Want to learn more about POPI and hear about new developments? Get our newsletter. From ‘oh ****’ to ‘aha!’, get free advice on doing compliance right.