24/7 National Hotline: 0860 163 272 | Email: info@neasa.co.za
POPIA Information Regulator dishes out R5 million fine
POPIA
INFORMATION REGULATOR DISHES OUT R5 MILLION FINE
The Information Regulator recently issued a R5 million administrative fine to the Department of Justice and Constitutional Development for non-compliance with the Protection of Personal Information Act (POPIA).
This serves as a stark reminder that businesses, as responsible parties, need to ensure that they are complying with the provisions of the Act in all of their information processing activities. The Information Regulator received 895 complaints relating to alleged violation of POPIA during the 2022/23 financial year.
A fine for POPIA contravention can reach up to R10 million, whilst imprisonment for up to 10 years can also be imposed. When the Regulator has to determine the appropriate fine for contravention of any POPIA provisions, it considers a variety of factors including but not limited to the likelihood of substantial damage or distress, including injury to feelings or anxiety suffered by data subjects, and any failure to carry out a risk assessment or a failure to operate good policies, procedures and practices to protect personal information.
Unfortunately, a contravention of POPIA can occur extremely quickly and without intent or malice on the side of the responsible party. Mitigating steps taken afterwards by the responsible party will not reduce the fine issued by the Regulator.
What is important, is that businesses should not just ensure that they are compliant with the requirements of POPIA, or hope that there never occurs an event which leads to damage, loss or unauthorised access to information under their control, but also that they are compliant with the requirements of POPIA during the course of their business. The Regulator does not have to await a complaint to launch an investigation.
If the Regulator can issue fines accumulating into millions of rands for the state coffers for mere infractions of POPIA, businesses must be wary of its strong incentive to do so.
For POPIA compliance assistance services, please contact your regional NEASA office.
For more information:
NEASA Media Department
media@neasa.co.za