Parts of POPI already in effect
Law firm Michalsons notes some parts of SA's long-awaited Protection of Personal Information (POPI) Act are already in effect, but that no date has yet been set for when the law in its entirety will come into effect.
The legislation was signed into law by president Jacob Zuma last November. Companies will only have between one and three years to comply with its requirements, after a promulgation date is announced.
The law is SA's first consolidated piece of legislation detailing how individual and company information must be dealt with. It is also expected to cut down on spam, because it makes provision for an opt-in regime when it comes to electronic communication from companies.
Under the law, companies face a fine of up to R10 million - or a decade in jail - if they breach its provisions, and could also encounter civil class-action lawsuits. However, the most damaging penalty will be reputational damage, because organisations will have to inform people if their data has been breached.
Michalsons notes the sections that have come into effect already are "not of great significance". It adds: "The wheels have started to turn, but not much has changed. This development does not mean that you should go any faster or slower than you are already going."
Among the parts that are in effect is that the Information Regulator has been established, but not yet staffed, a process that will only happen after next week's elections, Michalsons says. In addition, the minister and the information regulator may now make regulations, although these, in draft form, are not expected before June, it adds.
Michalsons anticipates the bulk of the law coming into effect from early- to mid-2015.