Saturday, 28 January 2012 marked international Data Privacy Day. The day highlights the impact technology is having on our privacy rights and underlines the importance of valuing and protecting personal information. While the day is recognised internationally by business professionals, corporate South Africa is grappling with our privacy legislation.
As South Africa's Protection of Personal Information (PPI) Bill looms over the county's corporate sector, many companies are racing against time to grasp the compliance demands of the legislation. Unfortunately, in their haste, many are underestimating the benefits that compliance could bring to their operations.
“The PPI Bill is a natural progression for South Africa. At its most basic, the legislation reinforces every South African's constitutional right to privacy. At the other end of the scale, it brings the country into line with most of its significant international trading partners, a factor that builds confidence when information is transmitted across borders,” says Deloitte Legal Director, Dean Chivers.
Looking beyond compliance, effort and cost, there is substantial value for those implementing PPI. The value of the corporate brand will increase, with customers and business partners having more trust in the organisations with which they do business. According to Chivers, this customer value can translate into financial benefits.
PPI's value for a brand is incalculable. The recent announcement that about R41 million had been stolen by hackers infiltrating the PostBank database illustrates perfectly the reputational and monetary loss involved when customer information is hacked.
The recent case where Zappos in the USA was hacked and had to notify in the region of 24 million customers of the breach and implement preventative measures further indicates some of the potential downside. Indeed, data events like hacking, data loss, unauthorised data use, insufficiently regulated outsourcing and cross-border data transfers all presented significant value risk.
Added to this, on 25 January 2012, the European Commission proposed increased penalties for data privacy breeches, which envisage penalties of up to 2% of a company's global annual turnover.
“While companies will need to reassess their data management process, analyse their security, amend processes and change their contracts, companies should not look at the PPI Bill as purely an inconvenience. Rather, by aligning the requirements of the Bill to existing projects and reporting structures, PPI can offer a sustainable and measurable return on investment,” concludes Chivers.
Should you wish to chat to Dean Chivers, please do not hesitate to contact me.
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's approximately 182 000 professionals are committed to becoming the standard of excellence.
This publication contains general information only, and none of Deloitte Touche Tohmatsu, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.