POPIA stands for the Protection of Personal Information Act – the South African data privacy and data protection law that was enacted in 2013. Many people use the acronym POPI or POPI Act to refer to it. Some people use PoPI. Which is the correct one?

The Information Regulator prefers POPIA

The Information Regulator has expressed a preference for POPIA because it sounds similar to PAIA. At the media briefing in Cape Town on 13 February 2017, the Information Regulator stressed that the Information Regulator is not the POPI Regulator and is actually responsible for both the protection of personal information and access to information. For this reason, they feel it is important that people should be consistent when referring to the two Acts. If PAIA includes the A for Act, then POPIA should too. POPIA is therefore the short version of the POPI Act. They are effectively synonyms.

In both acronyms, the focus should be on the word information. The Information Regulator’s tag line is “ensuring protection of your personal information and effective access to information“.

The Parliamentary drafting committee also voiced their preference for something other than POPI. POPI is slang Afrikaans term for a doll, which may have been one of the main reasons.

You say POPI. I say POPIA.

Is there a difference between POPI and POPIA?

Yes, we think there is. POPI is short for the protection of personal information (a topic) as opposed to POPIA which is short for the Protection of Personal Information Act (the Act). POPI is a synonym for data protection. They are both topics which refer to the protection of personal information or data, and can be used interchangeably. The topic POPI is much broader than POPIA – the Act.

Does it matter?

It doesn’t really matter what acronym you use, but what is important is that the South African data protection law develops its own brand – a name that people will recognise and be able to refer to. At the moment, most people know it as POPI or the POPI Act. It will take some time for this to change and for people to start referring to it as POPIA.

Considering that the Information Regulator is the ultimate authority for data protection, if they want the Act to be called POPIA, then it shall be.