Boldon James Classifier, the market leading data classification product, supports compliance with the Protection of Personal Information Act (POPIA) by:
Ensuring appropriate control
of confidential or sensitive information
Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements
Alerting users when personal data is leaving the organisation to warn or prevent them from sending messages that contain sensitive information
Educating users about the sensitivity of data whilst ensuring adherence to corporate policy
Providing critical audit information on classification events to enable remediation activity and demonstrate compliance position to regulatory authorities
Enabling rapid search and data retrieval based on classification labels to support subject access requests
Utilising metadata labels to drive additional security controls and solutions, such as DLP, encryption and rights management
Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements
The Protection of Personal Information
The Protection of Personal Information Act (POPIA)
The Protection of Personal Information Act 4 of 2013 (POPIA) introduces an overarching regulatory framework for the processing of personal information and was ratified on 19 November 2013. The POPI Act intends to promote the protection of personal information processed by public and private bodies and introduces minimum requirements for the processing of personal information. To date, only certain sections of the POPI act have come into effect, with the remaining sections coming into effect upon proclamation of a commencement date by the President.
The enactment of the POPI Act was intended to stem the tide of free-flowing personal information and offer protection to South Africans seeking to uphold their constitutional rights to privacy and dignity, as well as bringing South Africa on par with those countries which have existing data protection legislation, such as the EU GDPR.
In simple terms, the purpose of the POPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way.
It is important for organisations not to become complacent and start getting their data protection practices in order now – determining the risks to be managed, understanding what data needs to be protected and starting to secure it now, and putting resources and policies in place. The best place to start is with data classification – the first step to a truly data-centric approach to protecting personal information
Of The POPIA
- Maximum fines for non-compliance can be up to R10million and could result in a prison term for those deemed responsible
- The Information Regulator has power to issue an Enforcement Notice requiring the organisation to stop processing personal information
- POPI provides for the appointment of an Information Regulator (IR), who is responsible for investigating the breach and monitoring and enforcing compliance with POPI as well as the Promotion of Access to Information Act
- Disclosure of a breach must be given to the Information Regulator, as well as affected individuals
- All organisations, regardless of size or location, must comply with the POPI Act if they hold any personal data on South African citizens
- Examples of “personal information” for an individual could include identity and/or passport number, private correspondence, employment history, health information and membership of unions
With unrivalled customer service and best-of-breed data protection and governance solutions,
we are helping many of the world’s most successful organisations take control of their business data.
Everyday, our customers enjoy more effective, secure and streamlined operations -
protecting their business critical information and reducing risk.
We integrate with powerful data security and governance ecosystems.
We protect business critical data, improve data control and reduce risk.
We deliver improved and streamlined business performance.
We are a “safe pair of hands” that constantly deliver success.