Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      War of words erupts over home affairs database fee hike

      24 June 2025

      Don’t expect Starlink in South Africa anytime soon

      24 June 2025

      Finally! Tribunal unpacks why it blocked Vodacom’s Vumatel deal

      24 June 2025

      Samsung to unveil new folding phones at July event

      24 June 2025

      Capital Appreciation banks on payments to offset software slump

      24 June 2025
    • World

      Mira Murati’s Thinking Machines hits $10-billion valuation

      24 June 2025

      Watch | Starship rocket explodes in setback to Musk’s Mars mission

      19 June 2025

      Trump Mobile dials into politics, profit and patriarchy

      17 June 2025

      Samsung plots health data hub to link users and doctors in real time

      17 June 2025

      Beijing’s chip champions blacklisted by Taiwan

      16 June 2025
    • In-depth

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025
    • TCS

      TechCentral Nexus S0E3: Behind Takealot’s revenue surge

      23 June 2025

      TCS | South Africa’s Sociable wants to make social media social again

      23 June 2025

      TCS+ | AfriGIS’s Helen Hulett on how tech can help resolve South Africa’s water crisis

      18 June 2025

      TechCentral Nexus S0E2: South Africa’s digital battlefield

      16 June 2025

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025
    • Opinion

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      South Africa risks being left behind as stablecoins reshape global finance

      6 June 2025

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Company News » CIOs welcome Popi for enforcing data protection

    CIOs welcome Popi for enforcing data protection

    By Micro Focus12 February 2020
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Despite the vast amount of disruption companies must endure to comply with looming new privacy laws, many CIOs are welcoming the process.

    They’re expressing support for the onerous Protection of Personal Information (Popi) Act, because the threat of jail will finally force companies to implement privacy measures their CIOs have been championing for years.

    “It’s forced a shift in how we deal with personal information and forced ethical data processes and practices,” said Imraan Kharwa, the information security officer for Tourvest. “It’s made me personally a champion of privacy and ethics and that’s spreading throughout the business, whereas pre-Popi, data was just a commodity hovered up by businesses without any ethical form of handling it.”

    Tourvest’s Imraan Kharwa

    Absa’s head of technology, Verushca Hunter, said so many regulations already exist that if a company is using best practices and behaving ethically, Popi isn’t a major deal. However, since there hasn’t been any real punishment for a sloppy approach, people haven’t bothered. Popi will finally enforce higher standards of data privacy and security, although retrofitting that into an organisation with thousands or millions of clients will take plenty of time and money.

    Absa’s Verushca Hunter

    These IT leaders were speaking at a TechCentral roundtable to debate how to turn the pain of Popi compliance into a gain, by eliminating unnecessary data to free up storage space and management time, consolidating essential data for easier analysis, and making it more secure, to achieve a competitive and operational advantage.

    Every company in South Africa will be affected by the Popi Act, which lays down the law for collecting, processing, storing and sharing information about an individual or a company. It holds them accountable for any abuse or compromise of that data, and any privacy breach must be declared quickly. It also creates far tighter restrictions around targeting people with unsolicited electronic communications.

    It will be an expensive and onerous process, but CIOs are positively welcoming of the end results, if not the actual process of achieving them.

    Telkom’s head of corporate information security governance, Steve Jump, said his company is already benefiting enormously. “It’s allowed us to achieve positive improvements in security that I didn’t think were possible. Popi is the catalyst that’s enabled that,” he said.

    Telkom’s Steve Jump

    The benefits outweigh the expense, as system stability, efficiency and security have improved now that access controls are enforced. “There’s always someone who has found a way to produce an extra pay cheque, and the information monitoring that Popi calls for gives visibility to internal frauds. Internal compliance isn’t as ‘ignorable’ as it was.”

    Telkom is now behaving in a more responsible way and has processes in place to identify and report a potential breach. Overall, Popi has changed the way it does business and has usefully focused its IT security budget into the crucial areas, Jump said.

    The Popi Act has been looming since 2013, and should finally become law this year. Companies will then have a year to comply, although the roll-out of a comprehensive compliance plan can take years.

    The process can start by identifying who owns the data to allocate accountability, then appraising them of the risk, the need for protection and the cost of compliance compared to the risk of non-compliance.

    It’s one of the largest IT projects a company will have to conduct, and it should already be underway, says Gareth de Laporte, the channel and alliances manager at Micro Focus South Africa, because for large companies with masses of data the process could take 30 years. Yet Microfocus estimates that a staggering 35-60% of data held by the average company is irrelevant, unnecessary and not legally required.

    Micro Focus South Africa’s Gareth de Laporte

    Pieter van der Walt, the data integrity manager for Discovery, agreed that companies inherently hoard their data, so Popi will prove useful by setting out what they need to keep and prevent them from retaining everything “just in case”.

    Discovery’s Pieter van der Walt

    When it comes to implementation, Laporte said some customers horrify him by saying they aren’t worried because they’ll just dump all their data in the cloud. That will be a disaster if they don’t analyse it and clean it first.

    A customer may exist in multiple places in their databases, and without an inventory it could prove impossible to eliminate someone who demands the right to be forgotten, for example. Besides, some cloud providers may have rules absolving them from the legal responsibility of protecting data, so companies must deal with the cloud as carefully as they deal with on-site records.

    While achieving compliance will inevitably require more tools, Laporte warned against throwing money into software. “Tooling is 5% of your problem – 95% of your problem comes in the discipline. It’s not just about knowing and meeting the check boxes, it’s ongoing discipline that you will have embedded in your organisation forever. The tools are a small subset of the entire ecosystem.”

    The surest way to galvanise executives into driving Popi compliance is by quantifying the cost of non-compliance, said Ritasha Kalidas, the director of IT security, risk and governance at Tiger Brands. She worked at Absa when it was owned by Barclays, and Barclays estimated the cost of addressing and recovering from a data breach as somewhere between R120-million and R140-million. That included legal and forensic fees and communicating with customers. Once a figure is put on the risk, the dynamics change because the executives realise what’s at stake, she said.

    Tiger Brands’ Ritasha Kalidas, right

    The process Barclays took started by putting a privacy policy in place, working out how to respond to an incident, raising the awareness of employees so they understood the issue, and dealing with third parties when data is transferred between them, Kalidas said.

    Retail giant Edcon has been working on Popi compliance for two years, and Chene Maartens, its executive of IT governance, risk and compliance, recommends starting with the human resources functions for on-boarding and off-boarding staff.

    Edcon’s Chene Maartens

    Making those Popi compliant will touch many different areas of the business like access management, employee data, payroll and health and safety, so the ripple effect is huge. “By fixing one level, you are achieving a hell of a lot of adherence to a whole lot of things you need to adhere to,” Maartens said.

    • This promoted content was paid for by the party concerned


    Chene Maartens Gareth de Laporte Imraan Kharwa Micro Focus Pieter van der Walt Ritasha Kalidas Steve Jump Verushca Hunter
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleiTMaster’s Stanton Pillay – from company driver to CEO
    Next Article Hackers could shut down satellites – or turn them into weapons

    Related Posts

    IT Leadership Series | Infobip DPO Imraan Kharwa

    5 April 2023

    Understanding the Modernization Maturity Model

    3 February 2023

    Achieving cost-efficient cloud content management

    6 December 2022
    Company News

    Communication costs exploding? Telviva has a fix for UK-SA teams

    24 June 2025

    Section 18A deductions and BEE points – a strategic choice for business compliance in 2025

    24 June 2025

    Huawei Watch Fit 4 Series: beauty, brains and a battery that won’t quit

    24 June 2025
    Opinion

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    AI and the future of ICT distribution

    16 June 2025

    Singapore soared – why can’t we? Lessons South Africa refuses to learn

    13 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.