Enforcement of the Protection of Personal Information (POPI) Act: Perspective of data management professionals

South African Journal of Information Management

 
 
Field Value
 
Title Enforcement of the Protection of Personal Information (POPI) Act: Perspective of data management professionals
 
Creator Kandeh, Agbor T. Botha, Reinhardt A. Futcher, Lynn A.
 
Subject information technology governance POPI Act; privacy; enforcement; data management; information security
Description Background: The urgency to enforce the Protection of Personal Information (POPI) Act is building up within South Africa, triggered by the appointment of the Information Regulator for POPI on 01 December 2016. However, for data management practitioners, the absence of a practical guideline on how to legally process personal information of employees, customers or other juristic persons in line with the POPI Act poses a day-to-day technical challenge, especially for those embarking on a maiden journey to comply with the POPI Act.Objectives: The objective of this article is to explore and analyse the unique perspectives of data management professionals who are vested with the responsibility of driving the successful enforcement of the POPI Act within their respective organisations, with the end goal of formulating a practical guideline for the enforcement of the POPI Act.Method: To achieve the objectives of this research article, semi-structured interviews were conducted with a purposive, convenience sample of 16 data management professionals within companies in South Africa. A recording of their views was obtained through one-on-one interviews and a group interview.Results: From the semi-structured interviews, group interview and response to the questions, several findings and learnings were elicited. Zooming into these findings showed close similarities in the actions taken by data management professionals operating in a similar industry. Based on these results, a high-level sequence of steps on how to enforce the POPI Act was formulated.Conclusion: Based on the formulated sequence of steps, it is safe to conclude that the actions of data management professionals can be used to create a practical guideline to enforce the POPI Act. However, to standardise these guidelines across the data management function, there is a need to perform testing with a wider spectrum of data management professionals.
 
Publisher AOSIS
 
Contributor
Date 2018-10-09
 
Type info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion — Survey/ Interview
Format text/html application/epub+zip application/xml application/pdf
Identifier 10.4102/sajim.v20i1.917
 
Source SA Journal of Information Management; Vol 20, No 1 (2018); 9 pages 1560-683X 2078-1865
 
Language eng
 
Relation
The following web links (URLs) may trigger a file download or direct you to an alternative webpage to gain access to a publication file format of the published article:

https://sajim.co.za/index.php/sajim/article/view/917/1317 https://sajim.co.za/index.php/sajim/article/view/917/1316 https://sajim.co.za/index.php/sajim/article/view/917/1318 https://sajim.co.za/index.php/sajim/article/view/917/1315
 
Coverage stratosphere chronoligical 38; male; black
Rights Copyright (c) 2018 Agbor T. Kandeh, Reinhardt A. Botha, Lynn A. Futcher https://creativecommons.org/licenses/by/4.0
ADVERTISEMENT

International Tel: 021 975 2602

15 Oxford street, Durbanville, Cape Town, 7550 (South Africa)
Copyright © AOSIS (Pty) Ltd. All rights reserved.
No unauthorised duplication allowed