During a media briefing on 11 September 2024, the Information Regulator shared an overview of its work since its last report in March 2024. The overview covered the progress of investigations, cases and projects.
POPIA
The Regulator revealed an alarming 980 security compromises reported since April 2024. This statistic highlights that many organisations may lack the necessary safeguards to protect personal data as required by the Protection of Personal Information Act (POPIA). The Regulator also emphasised that during compliance assessments, it now actively reviews the security measures organisations have in place. Furthermore, since April, the Regulator has issued four POPIA-related enforcement notices, underscoring the urgent need for robust data protection measures.
Direct Marketing through Unsolicited Electronic Communications
Earlier this year, the Regulator announced the drafting of a Guidance Note on Direct Marketing. The aim is to guide public and private bodies on complying with POPIA when processing personal information of data subjects for direct marketing, both other than by unsolicited electronic communications in terms of Section 11(3)(b) and by unsolicited electronic communications in terms of Section 69 of POPIA. The Guidance Note also seeks to empower data subjects to protect their rights more effectively.
In July 2024, the Regulator shared the draft Guidance Note with relevant stakeholders in the direct marketing sector, and it has since been considering industry feedback. A stakeholder engagement has been set for the end of September, ahead of the publication of the final version of the Guidance Note.
PAIA
On PAIA-related matters, the Regulator has conducted over thirty Promotion of Access to Information Act (PAIA) compliance assessments since April 2024. Examples of institutions that were assessed included three social media platforms, seventeen law firms and Schedule 2 public entities such as the Development Bank of Southern Africa, ESKOM, Telkom SA and Transnet.
The Regulator is preparing to submit proposals to Parliament for the amendment of PAIA. The proposed amendment aims to strengthen the enforcement powers of the Regulator in terms of PAIA. The Regulator noted that the current provisions in PAIA are too mild, which may contribute to the laxness of compliance. This comes after overall low levels of submissions of PAIA Annual Reports, despite a slight improvement since the previous year.
Do you need assistance with your POPIA Compliance?
POPIA compliance isn’t just a legal requirement; it’s essential for maintaining trust and protecting your business against data breaches.
At Masthead, we offer tailored POPIA compliance services focused on training, implementation and monitoring, ensuring your business complies with POPIA and safeguards personal data effectively.