The purpose of the PoPI Act, or the Protection of Personal Information Act in South Africa, is to ensure all institutions responsibly collect, process, store, share and otherwise handle personal information by holding them to account for any abuses. It is important that any organization in South Africa handling this information practices PoPI cybersecurity compliance.
Organizations use the Threatcare Suite to verify security through breach and attack simulations. Threatcare, the leader in proactive cyber defense, believes that companies have a “right to know" if their cybersecurity is properly in place.
The legislation states that personal information is consider a “precious good” and as such bestows upon the individual, who is owner of said personal information, key rights and protections in which the individual can control. They include:
Firms that are PoPI compliant, then, must adhere to all of these provisions.
Some examples of “personal information” include passports, birth dates and age, phone numbers, online identifiers, physical address, gender, race, ethnicity, photos and voice recordings, video footage (including CCTV), criminal records, private correspondence, employment history, marital relationship, education, financial information, health data and more.
Since we now live in an age when it is popular, even fashionable, to divulge personal information — largely online, on social media platforms — often we do not think twice about it. That’s why it was important for the South African government to pass this legislation.
The law also notes that some personal information, by itself, doesn’t necessarily permit a third part to confirm or infer a person’s identity to the point where it can be abused and missed for other purposes. For instance, the combo of someone’s name and phone number and/ore email address is much more significant than just a name or a phone number by themselves.
As such, the law specifies that a “unique identifier” must be data that directly correlates “that data subject in relation to that responsible party.”
Use Threatcare to verify PoPI cybersecurity compliance.