Subscribe
  • Home
  • /
  • Security
  • /
  • Xperien, IACT-Africa partner to protect personal data

Xperien, IACT-Africa partner to protect personal data

Sibahle Malinga
By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 14 Dec 2015
Organisations could face massive fines and reputational damage claims if they fail to upgrade IT security systems on time, says Xperien's Wale Arewa.
Organisations could face massive fines and reputational damage claims if they fail to upgrade IT security systems on time, says Xperien's Wale Arewa.

While SA awaits the announcement of a commencement date for the Protection of the Personal Information (POPI) Act, some organisations are being prompted to rethink how they approach the reuse, protection, recycling or recovery of their eWaste.

According to Wale Arewa, CEO of Xperien, the Act will force companies to change their attitude towards IT security. It will also hold organisations liable for the safety of their information and they could face massive fines, civil claims and reputational damage claims if they fail to upgrade information technology security systems ahead of the implementation of the Act.

The POPI Act, which was signed into law in November 2013, promotes transparency regarding what information is collected and how it is to be processed. Data protection in SA is regulated under the broad constitutional right to privacy, the common law and a few pieces of legislation that contain interim provisions relating to data protection.

"With the increase in electronic commerce globally, large industries managing computerised databases of millions of individuals' records and the surveillance of computer systems, prompt demands for specific rules governing the collection and handling of personal information. The successful adoption of this Act will depend on a comprehensive understanding of the digital aspect of the new laws," adds Arewa.

The company says they have partnered with Governance, Risk and Compliance company IACT-Africa to help organisations change their data capturing and storing processes to ensure the personal information and data they collect is protected.

"When we partnered with IACT-Africa, we soon realised that instead of it being a burden, as perceived by most organisations, the POPI Act actually presented us with opportunities," he says.

According to the company, privacy is a valuable aspect of personality, therefore data and information protection should form an element of safeguarding a person's right to privacy. It should provide for the legal protection of a person in instances where his or her personal information is being collected, stored, used or communicated by another person or institution.

John Cato, founder and CEO of IACT-Africa, says over the past 18 months its clients have repeatedly seen compliance with the POPI Act as a support and not a hindrance to business growth.

"Our ability to reduce the risks associated with uncontrolled asset and device disposal or deployment can provide a huge step towards POPI Act compliance as part of the overall compliance strategy recommended by IACT-Africa. The POPI Act philosophy of respecting data privacy in SA is opening the door to develop new products and services," explains Cato.

According to IACT-Africa, these services range from advanced document and device shredding capabilities, which more effectively destroy paper and electronic documents, to new online education offerings focused on POPI Act compliance, to providing competitive advantage in demonstrating market leadership compared to one's competitors in the areas of good governance and legislative compliance.

Xperien and IACT-Africa say they both recognise that many organisations have until now not thought seriously about the disposal of digital devices which could contain personal information as defined in the POPI Act. This partnership will also assist organisations keep abreast of new technology while lowering the carbon footprint.

"Something as innocent as the office copier, fax or printer has a potential to blow a hole in your compliance efforts through negligence of personal information, unless properly managed," says Dr Peter Tobin, IACT-Africa consultant and CEO of PTC, strategic partner of IACT-Africa in the field of POPI Act compliance.

"When talking to our clients about compliance with the POPI Act, we take a holistic view. This includes looking at the lifecycle of all their digital devices and the risks those items represent in terms of non-compliance if not handled correctly," he adds.

Organisations that ignore the changes POPI will introduce could face financial and reputational losses, Cato concludes. The loss of confidence they face from their suppliers and customers could seriously jeopardise their business.

Share