Section 55 of the Protection of Personal Information Act 4 of 2013 (POPIA) sets out the duties and responsibilities of the Information Officer.
Registration of the Information Officer and Deputy Information Officers is only the start of the process. Many businesses believe that once the aforesaid is done, they are compliant, which is not the case. Although there are no criteria that the Information Officers need to meet, as the Information Officer must work with the Regulator. The writer encourages business owners to appoint person/s that can fulfil the duties and responsibilities set out in the above Section.
The fact that the Information Officer has drafted, implemented and trained staff on POPIA guidelines and policies is also not enough. The writer encourages all Information Officers to re-evaluate business-compliant strategies, especially at the beginning of the year. To have a good look at the personal information that the business is collecting, and if the personal information is reasonable and justified? If not, to discontinue collecting the information and to safeguard the information being collected. The writer encourages POPIA guidelines and policies to form part of the business induction to ensure that new staff members do not make the business vulnerable to any breaches in terms of POPIA.
To find out how SEESA can help your business visit our website at:
#TeamSEESA