Advocate Pansy Tlakula. File picture: Phill Magakoe
Johannesburg - Parliament’s much-delayed selection of advocate Pansy Tlakula to chair the National Information Regulator has been widely welcomed by data protection and privacy experts as a crucial milestone in the implementation of the Protection of Personal Information (Popi) Act.
The consensus is that despite the controversy surrounding the disgraced ex-head of the Independent Electoral Commission (IEC), her appointment will hasten South Africa’s path towards being globally competitive on privacy matters and international data exchange law.
Deloitte’s Mimi le Roux said the decision ended a frustrating delay of more than two years during which South Africa fell increasingly behind its key trading partners in terms of data protection best practices.
“Until the laws become effective, key trading partners like Europe will not trust SA’s data protection laws enough to confidently impart information,” said Le Roux.
She said multinational and local organisations positioning their services globally were all anxious about data sharing outside of South African borders for various reasons.
“Information technology projects and discussions around open data for economic development need to move forward; strategic decisions around location of cloud hosting need to be taken. Global participation must be enabled for the South African economy to grow.
“With each delay to Popi, South Africa was falling further behind the strides being made by peer countries in getting their data laws up to scratch,” Le Roux said.
Delayed
Tlakula’s long-awaited appointment was delayed at the end of last year and again this May. It finally got the green light from Parliament last week, but not without opposition from the DA, EFF and Inkatha Freedom Party.
They argued that she could not be trusted with the post so soon after being forced to quit the IEC, following allegations of compromised integrity and an investigation by Public Protector Thuli Madonsela into procurement of the commission’s Riverside Office Park building in Centurion, Pretoria.
Elizabeth de Stadler of Novation Consulting advised local business owners who had been adopting a wait-and-see approach to Popi not to panic, now that the stalled process was in motion again.
“This appointment does not mean the act is now in force, although you could be forgiven for thinking so, judging by the alarmist messages coming from the Popi experts coming out of the woodwork,” said De Stadler, who specialises in consumer and data protection law.
Don't sit back
“Once Popi becomes law, and we have no indication when that will happen, businesses will have between 12 months and three years to comply. This doesn’t mean you should sit back and do nothing, but there’s no need to rush into half-baked, costly solutions.”
Companies whose core business model was built around personal information should now be prioritising measured, well-considered steps to ensure they were Popi compliant. These included retailers who drive sales through loyalty programmes and insurance companies who rely on leads they purchase to acquire new customers.
Such companies should take data security and privacy seriously, regardless of Popi, as the reputational damage of a security lapse could be crippling. De Stadler gave the example of the infamous breach at US retailer Target.
“It’s a cautionary tale. It could happen right now with one of our retailers. Their reputation would take a severe knock, along with the share price.”
BUSINESS REPORT