The novel additions to the Protection of Personal Information Act (POPIA) that came into effect on 1 July 2020 aims to protect companies against data breach and the misuse of personal information. The media and communications industry is one of the industries that will be affected by this legislation as the industry uses their clients' information to achieve their marketing and communication objectives, more especially in the digital age.
Photo by Christina Morillo© from Pexels
The media and communication industry affected by the POPIA because one of the industry’s main objectives is to convey information/messages about businesses, and individuals that are affiliated with communications companies. These companies share information through television and radio broadcasting as well as other publishing platforms for advertising and marketing purposes.
The newly implemented POPIA objectives include regulating how companies process consumer personal information, how they get hold of that information and how they use it for their businesses. The act is more likely to impact this industry positively than it would negatively, when a company complies with the POPIA regulations, they stand a good chance of protecting themselves against any legal penalties should they experience data breach.
“The implementation of the POPIA will most definitely change how we operate in the communications industry. The act strongly states that there will be more regulations put in place as to how we process client information and share it without compromising our clients’ safety or personal information,” says Mkhuseli Vangile, managing director at Dynaste Communications Firm (DCF).
The sector uses people’s personal data for many reasons. Most communications companies buy and sell client data and share this with various organisations for different reasons. Marketers buy data to tailor their marketing efforts to the right people, PR people subscribe to databases that have contact details of all journalists and call centre companies buy people’s data to sell them products. This makes the communication sector an information sector that does not operate without people’s personal data. For this reason, communications companies are required to have protective measures in place which will enable them to safeguard valuable information.
“Communications firms now need to affiliate themselves with cybersecurity companies such as LAWTrust, having an excellent cybersecurity has proven to be beneficial to being POPIA compliant as a company. The communications industry deals with sensitive information on our websites, social media and emails, even databases. Ensuring that we have tight cybersecurity policies in place to protect ourselves from data breach while complying with POPIA regulations goes a long way,” added Vangile.
POPIA further states that companies that fail to comply with its requirements are likely to face penalties of up to R10m or possible jail time, therefore it is not an option for those companies to avoid compliance. Also, not having proper cybersecurity measures in place companies may suffer a financial knock as a result of these penalties and having to start afresh in restoring the company’s reputation as well as ensuring their clients that their information is protected.
Considering economic climate, it is not worth risking a company’s reputation by failing to comply with the POPIA. Apart from jail time and fines as repercussions, no potential client would want to be affiliated with an organisation that does not adhere to regulations which is also at risk of experiencing data breach due to the lack of proper cybersecurity measures as per POPIA requirements.