Thursday, February 6, 2025
No menu items!

HDS: The POPI Act could kick start data optimisation

Must Read
Hitachi Data Systems Corporation
These provisions impact on the management and storage of data in a number of ways. (Image source: Google/my-hds.com)

Speaking at the Hitachi Information Forum in Johannesburg last week, HDS experts outlined the changing data storage and management environment, noting that big data and new legislation were forcing a fresh look at data storage and management.

Today, enterprises face more than just exponentially growing volumes of data to manage: they must also be in a position to identify the relevant data from a vast pool of ‘dark data’ in order to tap into the ‘treasure trove of data’ which businesses can use to innovate and stay ahead of the competition.


POPI to impact data management and storage

Cleo Becker, HDS Regional Counsel Sub-Saharan Africa, Middle East and Turkey, Israel, highlighted the impact of the Protection of Personal Information (POPI) Act on the data centre. There are eight processing principles which must be complied with by all companies processing personal information in terms of POPI. Becker highlighted three principles of particular importance to those working in the data centre environment.

– Purpose specification: anyone collecting, processing or storing personal information must make the data subject aware of the purposes for which it will be used and destroy it after this purpose has been achieved;

– Security safeguards: companies who process personal information must ensure that adequate security safeguards are in place to maintain its integrity and confidentiality, and

– Data subject participation: if a person requests that a company who is processing its personal information delete, update or modify its personal information which is no longer accurate or relevant, the company in question must ensure that the personal information is updated or they may need to find and permanently delete this data from every source. In the data center this means locating all copies of the personal information (including any back up copies).

“Importantly, businesses should also be aware of the fact that POPI differentiates between personal information and special personal information. Special personal information includes areas like medical history, race, religion and criminal records – these are subject to an even higher standard of security than just personal information.”

These provisions impact on the management and storage of data in a number of ways, she explained. As the majority of companies in South Africa will process personal information relating to their customers and employees, businesses need to be aware of the legislation governing the management and storage of each type of data.

For example, although there is no prescribed period for data retention in South Africa most companies generally retain data for at least three years to satisfy numerous legal requirements. “POPI says you can’t keep the personal information for longer than needed to achieve the purpose for which it was collected or subsequently processed,” says Becker.  “So, for example, for employee information, you would want to keep it for the lifetime of the employment relationship and at least for three years thereafter so that you can settle any employment or PAYE disputes. Likewise, customer information would be kept for the lifetime of the contract and at least three years after that to settle any disputes. After that, you need to securely delete it, destroy it or de-identify it in a way that it can no longer be reconstituted at a later date.

In South Africa, multiple bodies enforce data retention laws for different kinds of data. SARS asks individuals to store tax information for up to five years, whereas FICA and RICA demand that you collect and retain personal customer information for a specified period of time. So it’s very important that you know the type of personal information you’re collecting the applicable retention legislation as specific laws will overrule the general retention period prescribed by POPI.”

Storage itself is also an important element, said Becker. “The Electronic Communications and Transactions (ECT) Act is important when using electronic records for evidentiary purposes – for example, when you want to use certain emails in a dispute in the CCMA. You need to ensure that the data is saved in the same format in which it was created. When the court assesses the evidentiary weight of that data message, they are going to be looking at how it was maintained and stored.”

The changing data centre

Compliance will require changes in the data centre, Becker said. “You need to know what kind of personal information you’re storing. You need to conduct a risk assessment and be aware of all the internal and external risks. And once you’ve done that you need to put adequate security safeguards in place to protect against those risks, and constantly review them to ensure that they are enforced. You will then improve your data quality and that leads to a greater ROI on other work streams such as data analytics. It also reduces the risk of loss of the information and, ultimately, leads to greater customer loyalty and trust.”

Echoing this sentiment, Stuart Cheverton, Business Development Consultant – File and Content Solutions at HDS South Africa, said: “We have to look at managing our data a little differently. We have to cope with large amounts of data, we have to decide what is relevant and what isn’t. Compliance with legislation such as POPI will help us put these policies in place. Once we embark on this road, we will get to a point where we start reducing the volume of data we are storing and managing, which gives us the ability to more effectively extract valuable information from this data.”

Staff Writer

- Advertisement -

Safaricom & NGO Launch AI Farming Solutions to Kenyan Agriculture

Safaricom PLC and Opportunity International, a global non-governmental organization, have developed FarmerAI in Kenya, an innovative AI chatbot that...
Latest News
- Advertisement -

More Articles Like This

- Advertisement -