Articles

The term sounds like something a group of guys in suits brainstormed at a yearly company meeting that could have been an email. But, change management is not only good, it is...

We were fortunate to have the founder of Creative Contracts, Robert de Rooy, join us on our Plain Talk Show recently to discuss the origin story of comic contracts and how better...

At long last, the Information Regulator has published its Guidance Note on POPIA and direct marketing. We did a close reading of what it said so that you don’t have to. Here’s...

The Regulator’s recent Guidance Note on POPIA and direct marketing is about more than just telemarketing (we did a close read of the whole thing, which you can read in part one)....

Artificial intelligence (AI) is no longer the stuff of futuristic films—it's here, right in our workplaces, making tasks easier and more efficient. However, before you start celebrating, remember that with great power comes...

We have been plain language fanatics since 2004 when Elizabeth de Stadler and Liezl van Zyl attended the same information design course at university.* Back then, the plain language cause was quite niche,...

Yes, South African law says you can monitor what your employees are doing online – within strict limits. And yes, with remote work being more common, there might be good reason for...

Write a policy that no one sees, reads, or believes. Do you want to write a policy that adds no value whatsoever in perpetuity? The kind that reminds people...

Let’s face it: reading privacy notices is about as exciting as watching your phone charge. But we’re on a mission to spice up those lame-ass, legally (lethally) boring documents with humour, sarcasm,...

Wanna stay in the Regulator’s good books? We swear by these ten steps. KNOW WHAT TO DO IF THE POPIA HITS THE FAN Suffering a data breach is...

Two lawyers walk into a bar … Only kidding, our jokes are never that predictable. But if two lawyers did walk into a bar, chances are they would drink too much. That’s...

Is it open season for sharing personal information in conversation, or should we be vigilant about breaching POPIA? WHAT SECTION 3 SAYS To find out if POPIA applies to...

THE STIR Telemarketing in South Africa is under the microscope, and let's be real, we're all (at least a bit) tired of spammy calls and emails. Enter the Information Regulator (IR), with a...

WHAT’S HAPPENING AT CIPC? If you’re a business-y person living in South Africa, you’ve probably heard about this. For those of you not clued up, there was a recent cybersecurity breach...

THE AI GOVERNANCE AWAKENS We’ve written about the synergies between AI governance and privacy, but things are changing faster than Han Solo can make the Kessel Run. In October 2023, the...

Okay, maybe it’s not MC-Hammer-pants-level exciting, but we’ll be damned if we aren’t going to make it fun! If you feel like you need a refresher – or perhaps a fresh perspective?...

Ever seen a toddler on one of those child leashes? They’re straining as hard as their little sausage legs allow, desperate to run free, talk to strangers and create a crayon masterpiece...

Warning: the following article contains explicit language. That should be fairly apparent by the title but we’re legally obliged (we think) to put it into plain language. If you’re easily offended or don’t...

Okay, we fibbed. While we will be sharing the theories of how jokes work, we can’t actually promise to teach you to be funny. Because, despite the hypotheses, philosophies, rules and formulas,...

There is no better way to introduce our book, Over-Thinking the Protection of Personal Information Act: The Last POPIA Book You Will Ever Need, than by reciting the Dunning-Kruger* prayer: ‘Let me...

The octopus has become something of a theme here at Novation since we put one on the cover of our new POPIA book. This got us thinking about how information officers (IOs)...

“Humour is a superpower in business, now more than ever,” says Naomi Bagdonas, a lecturer at the Stanford Graduate School of Business in her class on the benefits of leading with laughter....

The Information Regulator’s doomsday clock hit 0, life as we knew it changed. 1 July 2021 finally came. The re-consent pigeons were sent out and organisations joined in the communications assault with...

30 June 2021. Unless this is your birthday, this date probably fills most of you with some trepidation. No need – let’s turn the anxiety into excitement that POPIA is finally here...

It’s week 5 000 of the national lockdown, so we reckon everyone will appreciate a change of focus (since we can’t change the scenery). From what we can tell, most people’s pace during...

Many of our projects begin with a similar story from new clients, ‘We made our first attempt to become POPIA compliant in 2015, but nothing changed. We asked ABC to help us...

My recent talk at the IAPP CapeTown/Johannesburg KnowledgeNet was around privacy, ethics and trust in the time of COVID-19. Here is some additional reading. 1. I feel like I am stuck in a...

We all know the announcement at the beginning of a flight (remember those?): ‘In the event of a loss of cabin pressure, an oxygen mask will automatically drop from the ceiling. To start...

Why the face? The Information Regulator asked the President to announce 1 April 2020 as the commencement date for the Protection of Personal Information Act (POPIA). 1 April is also an auspicious date...

We *heart* policies. Done well they can increase efficiency, improve teamwork, establish culture and protect everybody. Check out how we approach policies. Disclaimer: these slides are not for box tickers. And no, we...

The minimality requirement The requirement of minimality is one of the conditions for processing personal information in the Protection of Personal Information Act (POPIA). The POPIA provides that personal information can only be...

Elizabeth sat down with Red And Yellow Creative School of Business to chat about all things POPI vs GDPR and data privacy in the South African context. Fortunately for us, they caught it...

R58.4 million. This is the average cost of a data breach today according to IBM. It is no surprise then that cyber resilience is top of mind for CEOs the world over. But...

Hardly a day goes by that clients don’t ask for recommendations on what new legal or regulatory technology to get to help their in-house legal or compliance teams perform better. The frequency of...

Everywhere we go, we are asked the same questions. Do we really have to use the terrible, horrible, no good, very bad form 4, to get consent for direct marketing when the POPIA comes...

Well, 2018 was one crazy year. Data breaches, dramatic court hearings, lethal deli meats, controversial statements by a leader with freakishly small hands… and that was just at Novation. But seriously, the past...

You know what they say about all work and no play… At Novation we spend an above average amount of time talking, reading, watching series, cycling, drinking wine and playing Lego. We just...

Finally! The latest version of the POPIA Regulations have been tabled at Parliament. We have all been waiting anxiously for an update to the dreaded Form 4. Here is a reminder of what...

When it comes to artificial intelligence (AI) it’s not difficult to see that we find ourselves in a time of great significance. Not only has AI magnificent potential, it is also progressing at...

If you’re in the digital or data driven services industry you most probably received  calls from a lot of panicky clients asking whether your service is GDPR compliant. Luckily for many South African...

Here at Novcon using the word ‘consent’ is pretty much like telling us you do not like our Lego ... yes, we take offence! So, we have dubbed consent the c-word, mostly because...

Hey Plain Jane is working with us on a tool to help people draft POPIA compliance frameworks. Things got a bit strange, even for us. Luckily, we caught Liezl on video. (With apologies...

Boo-Yah! owner Carmen Murray with guest Elizabeth de Stadler : Plain language and privacy law expert - GDPR and POPIA - what you need to know.

The University of Greenwich in the United Kingdom was recently fined £120 000 by their Information Regulator, the Information Commissioner’s Office. You can read the full decision here. Why do we care? We...

We often joke that when we start working on a specific kind of document for one client, several other want the same thing at the same time. It’s a strange, but happy coincidence...

For many years I have had significant misgivings about Facebook’s approach to protecting personal information. Despite this I kept a Facebook account as a means for my friends to update me on what...

In a sense, the POPIA is a bit of an odd bird. In South Africa, we are used to rules-based legislation. Legislation that prohibits things, sets requirements, tells us what to do. This...

With the 25 May 2018 implimentation date for the EU GDPR creeping closer, there is a lot of information flying around. So much, that it is easy to feel overwhelmed. So we thought...

In this country, it’s hard to find something that everyone can agree on, but we’re fairly certain that we all agree that random ‘investment opportunity’ emails, cold calls from insurance companies and personal...

The Protection of Personal Information Act (POPIA) is set to kick in in the first half of 2018, according to the Information Regulator. Businesses have been scrambling to get their information governance practices...

Privacy seems to be on everyone’s minds lately. Between online shopping, sharing your life on social media, and signing up for a webinar, it’s hard to keep track of where you’re sharing your...

28 January is Data Privacy Day, an international day created to raise awareness and promote privacy and data protection. When you think of a data breach you often think of twelve-year-old hackers recruited...

Nearly a decade into having some of the best plain language legislation in the world, why are we not seeing more comprehensible contracts? Why aren't we seeing more of an effort from companies...

Over the last few months we’ve increasingly been working on redrafting all different types of policies for various different clients. From HR policies to information governance policies. It may seem like a tedious...

Using plain language when you talk about privacy and personal information is key if you want to win your customers' trust. We have written about the POPIA requirement that a business must have...

Good form design can change everything! Many consumer contracts reach consumers as part of an application form. While most attorneys will not consider the form as part of the contract, it often is....

Did you know that people may ask you to delete the personal information you have about them? The Protection of Personal Information Act (POPI) gives the data subject (a person or company) the right...

The first annual review of the functioning of the Privacy Shield was concluded and the report was published on October 18, 2017. What did it cover? The review covered all aspects of the...

The media is buzzing about the biggest data breach in SA. As these developments have shown, data breach can have a severe impact on your ability to do business, and it can tank...

It turns out SA’s largest recorded data breach was traced to a Web server registered to a real estate company based in Pretoria, Jigsaw Holdings. They are a holding company for several real...

In week 6 of our POPI DIY programme we look at what an operator is, and how to make sure you have the right operator contracts in place with yours. In terms of...

A ‘Bring Your Own Device’ policy (BYOD Policy) is essentially a set of rules applicable to employees who want to use their personal devices for work purposes. No policy is a one-size-fits-all, so...

South Africa has drafted (and redrafted) the Cybercrime and Cybersecurity Bill. The Justice Portfolio Committee held hearings on this Bill last week, and I was there. If you’re interested in what the Bill...

We unpack the new UK Data Protection Bill and how it relates to GDPR. On 13 September 2017, the UK Government introduced the new Data Protection Bill (the Bill) in the House of...

  The long awaited POPI regulations are here. They don't say much, but what they do say spells disaster for direct marketers. And you know us, we are not alarmist. Section 69 of...

The draft POPI regulations have just come out for comment. We will be digesting them over the weekend and will let you know what is what on Monday on our blog. Weekend reading....

We’re often asked whether a plain language contract will hold up in court. Whether we’re absolutely certain that, if a consumer is so dissatisfied with a product or service that he or she...

I might be slightly obsessed with Billions, the series. It is riddled with quotable quotes. My personal favourite? “It’s like Highlander: there can be only one” - Bobby Axelrod. Despite my inherent dislike...

All businesses have risks. Ideally, a business would mitigate all the risks, but this simply isn’t practical – you have to prioritise. At a high level risk management is intended to: * Identify...

Want to hear more from us? Fill in your details below and our mailer will land in your inbox.

If you’re like me, you’ve spent at least a little time worrying about the security of your data. About someone hacking your bank account, or Facebook! And we’ve been taught that the best...

I often get asked what ‘appropriate security’ is for a particular business. Although this is a really important question, it is equally important that you ask the right person. The best way to...

The EU-US Privacy Shield is a data transfer framework which provides for the transfer of personal data of EU citizens to the US for processing without the risk of breaching fundamental European privacy...

When we start a new business, putting employment processes and practices in place and ensuring labour compliance is, understandably so, not one of our biggest priorities. Let’s be honest, there are so much...

The recent WannaCry attack was one of the first highly publicised attacks in which ransomware was weaponized and used against numerous companies at once. It has caused many businesses to wake up to...

If you have a new business you often know – somewhere in the back of your mind – that you should be protecting your intellectual property (IP), but you tend to focus on...

How often do you read the terms of use of the websites that you visit? If I could hazard a guess, I’d say hardly ever. Did you spend time and money on drafting...

It seems as though Allied Capital came up with (what seemed like) a clever scheme to avoid the National Credit Act. Essentially the idea was that a consumer would pawn their car to...

As far as we are concerned, there is no question and it turns out that we are not alone in condemning the use of  'the bastard conjunction and/or'. As early as 1932 the American Bar...

Have you been screwed over by a supplier? Here is what you do. #1: Don't hire a lawyer just yet Your first step should be to lay a formal complaint with the supplier...

The National Consumer Tribunal has released a finding which - essentially - finds that Edcon has been unlawfully charging its customers a fee to belong to its club. This finding is very significant...

There is no time to mince our words: The Advertising Standards Association will be liquidated by the end of April 2017 unless the advertising industry decides to bail it out. This was the...

Oh, the scourge of the fine print! How we wish we could get rid of it. But sometimes (not all that often), there are very real risks facing a business which, should they...

Data breaches are almost inevitable. So, in addition to working towards preventing data breaches, you should be asking yourself whether your business is ready to respond quickly and effectively when the pawpaw (or...

Every day thousands of emails go out with email disclaimers. Some of the disclaimers are at the top, others at the bottom and still others contain a simple hyperlink which takes you to...

Before we talk about the challenges of processing the personal information of minors, let’s take a step back. It feels like POPI has been in this kind of legislative limbo for years. Oh...

So, the Information Regulator and the Department of Justice has asked everyone to stop calling the Protection of Personal Information Act 'POPI', but 'POPIA'. Of course, it only took about 5 seconds for...

So, the Information Regulator had a press conference today (13 February 2017). We were waiting with bated breath to hear what the effective date was going to be. Alas (or mercifully, depending on...

Looking for new clients? Don’t we all. Why not expand your client base to the US, Europe or India? Before you send out that gorgeous email campaign, let’s check the rules around marketing...

At Novcon we believe that organisations should have privacy notices that allow consumers to understand their privacy rights and to make informed decisions. We can achieve this by making sure that the wording,...

Hey you! The douchebag attorney/compliance specialist with the newsletter or event to peddle. Stop saying that POPI is coming into effect/commencing/whatever early in whatever year/quarter/month/week you happen to find yourself in. That is...

What is the difference between an accountant and a lawyer? Accountants know they're boring. How does a lawyer sleep? First he lies on one side, then he lies on the other. As the lawyer...

These days, I find it very difficult to see the point of overly legalistic privacy policies normally hidden behind a tiny link at the bottom of a webpage. Apart from the fact that I...

The United State's Court of Appeals for the Second Circuit has refused to re-hear the case between Microsoft and Department of Justice, effectively resulting in it being impossible for a United States court to issue...

Earlier this year Elizabeth wrote a useful article entitled ‘5 Reasons why POPI Compliance Matters’. While Elizabeth’s article addressed why POPI compliance matters, this article focusses on what happens if you don’t have POPI...

When do you have your best ideas? I have mine while on my bike, with the wind in my hair and dust (and often insects) in my mouth. This is when my mind...

An updated version of the Cybercrimes Bill has been published by the Department of Justice and Constitutional Development. This legislation aims to bridge the gap in South African legislation which has emerged as...

(and they have nothing to do with POPIA really) It has become clear in recent years that the proper treatment of their personal information matters to consumers (we have tested this), but why...

South Africa's cabinet has approved the Cybersecurity Bill. If the Bill becomes an Act there will be very definite changes to the legal landscape for all businesses - partly because the cybersecurity bill...

We’ve all been there: the stuffy room with the uncomfortable seats, the monotonous drone of the facilitator reciting legislation – he’s somewhere in the middle of a 144-slide PowerPoint presentation and you’re somewhere...

We love training. Why? Because, done right, training and awareness can mitigate risk and change behaviour for good. But compliance training has gotten a bad reputation. All too often employees associate compliance training...

Paul recently published an article on the Esselaar Attorneys web site considering the plight of the over-indebted consumer who does not have enough funds to be declared insolvent. In essence - in an...

Ilze has written an article regarding the new regulations by ICASA for premium rates services that affect all Wireless Application Service Providers (WASPs for short). In essence ICASA is prescribing how premium rated...

Recently Companies House in the United Kingdom (the United Kingdom version of the Companies and Intellectual Property Commission (CIPC)) took the unusual step of deciding to provide online company information to the public...

When did we start referring to unsolicited marketing messages as 'spam'? While researching my book, I found an article 'The regulation of unsolicited commercial communications (spam): Is the opt-out mechanism effective?' by Sebo...

The introduction of the Protection of Personal Information Act (POPI) will provide direct marketers with more hurdles to clear. The introduction of the CPA gave direct marketers much food for thought. The most...

We have developed an online training programme for employees on the Protection of Personal Information Bill. This is a project with Compliance Online. Go have a peek: www.complianceonline.co.za. The programme comes with extensive reporting functions...

Over the last few months I’ve come across the term ‘smart contracts’ enough times to make me sit up and take notice. Some articles[1] have even mused that smart contracts may mean the...

Since the enactment of the CPA, the question whether goods can still be sold ‘voetstoots’ or ‘as is’ has been a hotly debated topic. The short answer is that ‘voetstoots’ clauses as we...

One of the most common questions I get from consumers relates to whether suppliers can refuse to let them cancel fixed term agreements. In fact, it has happened to me a couple of...

With all the pieces of legislation that are constantly being updated it is easy to miss changes to legislation that are really important – especially if that change comes in the form of...

Most people know that before you can prove an infringement of copyright, you need to prove that the material ('work') that you claim is subject to your copyright must be original enough (and...

As a rule we approach the protection of an organisation's information from four different angles. Rather than focussing on a strictly "legal compliance" perspective we try and gain some benefit for an organisation...

The Durban High Court recently used plain language to provide an out to a consumer who concluded an agreement with Standard Bank. Whether one agrees with the judgment or not, this case is...

Regulation 44 of the Consumer Protection Act 68 of 2008 contains a list of terms which are presumed to be unfair. A supplier is allowed to insert these terms. However, where the supplier...

Few of the provisions of the CPA have been more perplexing to attorneys than section 22, which deals with the plain language standard. Perhaps this is because, ironically, the section which explains what plain...