Share

Many businesses still ill prepared for Popi - survey

Cape Town - A recent survey has raised concern about a lack of awareness among South African organisations about the legal requirements around storing and disposing of confidential data outlined in the Protection of Personal Information (Popi) Act.

More than three-fifths of small and medium enterprises (SMEs) surveyed and a third of larger organisations in South Africa surveyed believe Popi does not apply to their business, according to the first South Africa State of the Industry - Information Security report conducted by research body Ipsos on behalf of information security company Shred-it.

Findings of the survey, which was launched on Friday last week, show C-suite executives (70%) are more likely than SMEs (37%) to understand the implications the Popi Act has on their business. Although the act is yet to be fully implemented, once it comes into force businesses are given a grace period of just one year to comply.

Organisations which do not adopt the act after this time could face financial penalties of up to R10m, or a prison sentence of up to 10 years.

Nearly half (46%) of C-suite executives and one-third (32%) of SMEs say the Popi Act will put pressure on their organisation to change their policies related to information security. Despite this, one-third (32%) of SMEs say they currently have no protocol for storing and disposing of confidential data.

By contrast, C-suite executives are more likely to have policies in place, with over half (57%) saying they have a protocol that is strictly adhered to by all employees. However, a further third (37%) with a policy in place admit that not all employees are aware of these protocols.

This highlights a worrying gap in knowledge for employees, resulting in personal information potentially being compromised as they are unaware of how to correctly protect, process and securely dispose of data.

Just half of C-suite executives (55%) and SMEs (51%) say client/customer information would threaten the stability of their organisation in the event it was stolen, which is concerning as this information is often confidential and the loss of this data could cause significant legal, financial and reputational damage.

Likewise, only 37% of C-suite executives and 22% of SMEs note that the theft of HR/employee information would be damaging, despite the fact that this often contains highly sensitive personal information about individuals, highlighting a lack of knowledge from South African businesses around what information could put them at risk.

Businesses can increase security by implementing a Clean Desk policy, which means all information must be secured, for example in a locked drawer, when an employee is away from their desk, and a Shred-it All policy, which means that all office paperwork is destroyed before being recycled.

Some companies have already responded to these security risks, with 80% of C-suites and 64% of SMEs stating that they have a Clean Desk policy in the workplace.

Tom Bell, regional manager at Shred-it South Africa, said: "Understanding the legislative environment is crucial for businesses in South Africa to ensure they are implementing best practices to safeguard the confidential information of their customers, employees and partners. However... organisations are not prioritising this, nor are they putting policies in place to help employees understand how to securely store and dispose of sensitive data.

"By neglecting to put policies in place, businesses are at serious risk of a data breach, which causes significant legal, financial and reputational harm.”

The survey results indicate a need for government to take action and help South African businesses understand their information security priorities, with both C-suite respondents (47%) and SMEs (55%) saying government commitment to information security needs improvement.


We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.96
-0.1%
Rand - Pound
23.92
-0.1%
Rand - Euro
20.43
+0.0%
Rand - Aus dollar
12.35
-0.0%
Rand - Yen
0.13
-0.1%
Platinum
908.05
+1.2%
Palladium
1,014.94
+1.3%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders