If the Protection of Personal Information Act (POPI) was already law, certain organisations might be displaying a little less arrogance. Sanral, for example, would have several executives in jail and be out of pocket by a couple of hundred million rand. Such would have been the consequences of playing fast and loose with people’s personal information as has been revealed by ITWeb in an on-going investigation. The Act doesn’t stop there: it also allows citizens whose information has been leaked to sue for damages.

As it is, POPI is not yet in force. After it comes into effect at the end of this year, organisations both public and private have a year’s grace to get compliant, after which they will have to take great care with the information they hold on all of us. For the information executive on the other side of the website or ATM transaction, POPI poses a number of unique problems, not the least of which is how to get a handle on internal information governance.