This is according to Anne-Marié Pretorius from the consulting firm Bizmod, who adds, “PoPI is by no means new, yet we still find that many organisations of various sizes are battling with compliance.
“In South Africa, cybercrime has become a national crisis, as data breach risks are growing and South African businesses are unprepared for the growing risk of cyber-attacks.
“Many organisations struggle to implement the intent of the Act in a practical way that does not hamper the day-to-day running of the business. At the centre of any compliance implementation is the ability to interpret legislation into practical guidelines or interventions, which will enable businesses to comply at a process, systems, people and data level.”
The 2015 Information Security Breach Survey, undertaken by PwC, showed that 90% of large organisations reported suffering a security breach in 2015. It found that 59% of employees steal proprietary corporate data when they quit or are fired, and that 68% of funds lost because of a cyber-attack were declared unrecoverable. Across a global study sample of organisations, the average time to detect a malicious or criminal attack was 170 days.
Pretorius provides these guidelines for organisations struggling with compliance and data breaches:
“The PoPI Act creates significant impact on business, as complying with it requires changes of most processes and systems, which then have a direct impact on employees’ behaviour. The organisation is accountable for overseeing its PoPI compliance and therefore it needs to identify and design pragmatic steps and interventions for sustainable results,” concludes Pretorius.