The Protection of Personal Information Act (POPIA) is South Africa’s data protection law. This is a summary or short explanation of why it …
Now, there is a question. It depends on the organisation, but often, it is someone in legal or compliance. But no formal qualifications are required by law. It is essential that the person you select as your information officer (IO) [...]
Responsible parties should register their information officer online (encouraged) as soon as possible. Failing to register your information officer is not a criminal offence, but there can be severe consequences. If you struggle to register on the portal, we [...]
Information security is a more comprehensive approach to safeguarding all types of information. Data protection really focuses on personal data or sensitive data.
POPIA aims to protect the privacy and security of personal information processed by public and private bodies. It sets out conditions for the lawful collection, use, storage, and destruction of personal information. PAIA aims to give effect to the constitutional [...]
The Information Regulator (IR) does communicate with other regulators but because each regulator has its own mandates, the IR is confined to the parameters of POPI and PAIA and anything that falls outside the four corners of these Acts will [...]
The initial difficulty that South Africa is facing is that it does not have a cybercrimes commission. At present, the Information Regulator works closely with the police and the Hawks but uses its own processes separate to those used by [...]
The Information Regulator will have a similar role with the Cybersecurity Act as it does now when receiving data breach notifications. A data breach is usually occurring at the same time as when a cybercrime is happening. The difficulty with [...]
The Information Regulator plans to clarify its updates on prior authorisation such as making application forms easier to use, in an upcoming guidance note. When dealing with personal information, remember to consider it in a holistic point of view. There [...]
The Information Regulator (IR) has discretion in when to assess organisations' data processing practices under both POPIA and PAIA. They follow prescribed procedures and inform applicants about the scope and reasons for the assessment. For POPIA assessments, factors considered include [...]
The information regulator would like to clarify that it is not a cybercrime agency and does not investigate cybercrimes. They do concede that there is a need for a cybercrime agency to assist in the regulation of cybercrimes in the [...]
The rules that apply to when sending data to EU countries is not straightforward. The person who is sending that data will have to make an assessment as to whether making a transfer to the intended country has the appropriate [...]
There is a need for new safeguards the regulation to cater to a manageable way of dealing with cross-border flows. The Information Regulator has decided not to develop a white list because it would be quite challenging to review and [...]
