Cape Town - As the July 1 commencement date for the Protection of Personal Information Act (Popia) draws closer, schools in the Western Cape are among organisations that have been scrambling to ensure compliance.
Popia regulates the usage and collection of personal data. Organisations are required to handle all data carefully and provide customers with tools to update or delete personal information.
They also need to alert consumers immediately if there is any form of breach. Failure to comply will result in steep fines for violators.
According to experts, schools and other tertiary institutions store and process more personal information than most other organisations, and as such are by far the most affected by the new law.
Xperien IT asset disposition specialist, Bridgette Vermaak, whose job is to securely decommission old hardware, said it was a concern that many schools have heaps of old computer equipment lying in their storerooms.
“This equipment has huge amounts of data, not only on the pupils, but on parents and teachers as well. Reckless disposal of electronics is a huge source of illicit information and it often puts schools at risk.
“Schools also need to implement a data protection programme that aims at helping pupils understand their responsibilities. Children must understand the implications of unauthorised publishing of personal information and images of third parties, including all social media platforms like WhatsApp, Facebook and Instagram.”
Education MEC Debbie Schäfer’s spokesperson Kerry Mauchline said the department recently gave all of its school principals and circuit managers training related to the implications and implementation and compliance strategy on Popia.
“The department will provide schools with a template of a privacy policy and will be registering principals as Information Officers with the Information Regulator, bearing in mind that they can also appoint deputy Information officers, depending on the size of the school.”
With regard to the concerns about the reckless disposal of electronics, Mauchline said that Popia mandates schools to destroy or delete a record of personal information as reasonably practicable after the responsible party is no longer authorised to retain the record.
“Schools are expected to ensure that the destruction or deletion of a record of personal information is done in a responsible manner that prevents its reconstruction in an intelligible form.”
Meanwhile, according to a recent survey, only 22% of South African businesses are aware of privacy laws governing their marketing activities, despite Popia being set to take effect on July 1.
According to WorldWideWorx chief executive Arthur Goldstuck a survey, conducted by WorldWideWorx and commissioned by global technology company Zoho, also revealed that while businesses are concerned about the privacy of customer's data in the hands of third-party vendors, they rely on such vendors for revenue generation, and gathering customer insights.
“This makes it harder for them to move away. When Popia comes into effect, and defaulters face severe fines and garner negative media attention, most companies will start complying fully and restructure their marketing operations," said Goldstuck.