DURBAN - Organisation should become regulator ready with the next 18 months in preparation for The Protection of Personal Information Act that will be implemented in 2018 according to Deloitte.
The act is there to push for the protection of of personal information of handled by private and public bodies.
The act also speaks of an Information Regulator that will be there to exercise some powers and do certain duties and in terms of the Protection of Personal Information Act and the Promotion of Access to Information Act.
June 2017 the Regulator released his strategic plan for 2017 to 2020 which outlines his values, vision, mandates and mission. Included in the pan is the strategic objectives to be accomplished between 2017 and 2020.
The regulator’s strategic initiative for 2017 and 2018 are assessment of pre existing and proposed legislation which may impact the protection of personal information and access to personal information and to create strategy in regards to the commencement of engagement with stakeholders concerned with with the protection of personal information and access to information.
In essence the Protection of Personal Information will become a normal part of the an organisations procedures and information governance framework.
According to Deloitte the advantages to being regulator ready are ensuring that there is trust in the organisation’s brand and at the same time protecting themselves against reputational risk.
Other benefits include improved data security, including protection against cyber attacks such as ransomware and boosting the organisation’s quality of information and the management of business.
Here are some steps that organisations can take to be regulator ready:
Privacy training and awareness so that an organisations staff understands the environment and framework within which the entity operates regarding personal information.
Incident management plan that will allow organisations to be proactive in handling a situation where there is unauthorised access to data, data that is lost or damaged data.
Personal information inventory which is a consolidate document that displays the collection of personal data, where is is used and stored within the organisation.