With concerns about online privacy, South Africa’s new Protection of Personal Information Act (POPI) comes into effect on July 1 with some strong implications for businesses and consumers alike.
July 1 marks the implementation of the long-awaited Protection of Personal Information (POPI) Act in South Africa. Aimed at bringing the country up to date with international standards of privacy and data protection, the act provides a similar function to that of the European Union’s General Data Protection Regulation (GDPR). Both the POPI Act and the GDPR are intended to safeguard consumer data and prevent its misuse.
With the passing of the act, individuals and organizations with access to the personal information of others are now subject to a set of minimum standards of data security, in addition to regulations relating to the distribution and use of such information. Personal information, as defined in the act, includes (but is not limited to) a person’s age, race, and address, as well as their medical, financial, and employment history.
The implementation of the act has particular significance in light of the ongoing Covid-19 pandemic, which has shifted the workplaces and personal lives of many online. Moreover, a number of significant data breaches in recent times – such as that of Experian in 2020 – have brought concerns about online privacy to the forefront of public discourse.
In 2020 alone, nearly one in 14 people in South Africa experienced some form of fraud (Global Economic Crime and Fraud Survey 2020). Impersonation and identity theft rates increased 337% in the same year, according to the South African Fraud and Prevention Service (SAFPS 2020).
“We are really reaching a critical point when it comes to the economy and the extreme measures that criminals will use to perpetrate fraud. The 2020 statistics, that were collected by the SAFPS, indicate that there are significant increases in key areas and that there is a long road ahead to address this challenge,” said Manie van Schalkwyk, CEO of SAFPS, during the Insurance Crime Bureau International Fraud Summit earlier this year.
“The Fourth Industrial Revolution is driven by data and cyber criminals are conducting targeted attacks on servers to steal valuable data and use it to commit fraud,” says Van Schalkwyk.
The act aims to mitigate consumer risks in several different ways, such as ensuring that businesses obtain informed consent from consumers for the use of their information, and regulating the transfer of personal information across borders. The task of enforcing these standards falls on the Information Regulator of South Africa, which the POPI Act has empowered to issue fines for non-compliance of up to R10 million ($702,000).
While some initial difficulties are to be expected as businesses adapt to these new regulations, the passing of the POPI Act has equipped South Africa with a powerful tool to protect its citizens from some particularly damaging and widespread forms of fraud.